With digital asset platforms and exchanges seeing phishing attacks nearly every day, crypto investors have filed a lawsuit against TaskUs, Shopify, and Ledger over a data breach. The complaint is seeking compensation for the failure to exercise reasonable care in securing and safeguarding information.
The complaint highlighted that the breach resulted in the release of about 272,000 pieces of personal data from Ledger and more than one million subscriber newsletters. This is in regards to a massive 2020 data breach that hit Ledger SAS cryptocurrency hardware wallets. It is outlined that Shopify and TaskUs were aware of the incident for more than a week before they alerted the customers of the latest hack.
The plaintiffs alleged in the lawsuit, which was filed in the US District Court in Delaware on April 1, that Shopify repeatedly and profoundly failed to protect the identity of its customers. Shopify and TaskUs are alleged of leaking personally identifiable information (PII) of Ledger shoppers. The companies had marketed promises to keep the Shopify platform “completely secure”.
Moreover, the complaint says Ledger initially denied that there was any PII compromise. However, it went back to reference the leak in an email notification. The complaint stated that a global advertising campaign touting unparalleled security for its customers, Ledger and its data processing providers, Shopify and TaskUs failed to protect the identity of its customers. It caused targeted attacks on thousands of customer crypto assets, resulting in group members receiving far less security than they thought they had purchased with their Ledger wallets.
The plaintiffs have demanded the exact type of information leaked be disclosed by France-based Ledger and Shopify, and a monetary compensation covering actual and punitive damages.