E-commerce giant Shopify is facing a class action lawsuit over the 2020 snafu, when hundreds of thousands of customers had their personal data exposed due to a security breach courtesy of “a rogue Shopify employee”.
Both Shopify and crypto wallet operator Ledge are part of the class action lawsuit, as Ledger customers personal data was exposed as well. Before you ask, Ledger and Shopify were partners, as in the latter handled the former’s online sales. Ledger is one of the most popular cold wallets in the industry, and the 2020 cybersecurity incident which lead to the Shopify data breach back in June hit them hard.
Truth be told, Ledger customers are regular victims of phishing attacks, as this seems to be business as usual in the crypto community. After the rogue Shopify employee behind the latest round of cyber attacks was identified, Ledger CEO reassured his customers that their hardware wallets are safe and all that jazz.
However, a class action lawsuit was filed by law firm Roche Freedman, which filed the complaint in a San Francisco court on April 6. Roche Freedman seems to make a living from chasing crypto firms, as they already filed class actions against iFinex, Tron and Binance.
In regard to the Shopify/Ledger extravaganza, Kyle Roche was quoted as saying:
“We’ve been investigating this since the day it became public. This investigation included speaking with experts in the data security and cryptocurrency fields.”
Ledger general counsel Antoine Thibault said:
“Ledger does not comment on ongoing legal issues. Ledger would however like to take this moment to remind our customers, yet again, never to divulge their 24 words and validate the identity of the recipient of your transactions. You are in sole and total control of access to your funds.”
The case is about who is responsible for what, as Ledger customer wallets were not affected, but the lawsuit questions the security of Shopify’s service as part of Ledger’s duty to clients. To quote from the complaint:
“[b]y operating in the crypto-asset security space, Ledger places itself between user’s funds and would-be hackers. The anonymity of its customer list is a key and obvious element of the security that Ledger offers.”
Speaking of pointing who’s responsible for what, it is essential to find out what Ledger and Shopify knew and how quickly they communicated that information to customers.
“The case is noteworthy because two very large and sophisticated companies handling sensitive information will need to explain why it took them so long to warn their customers about such an awful and highly damaging incident.”