Ledger said customer details have been stolen in a data breach that may well have been exploited for over two months.
- In a note to clients Wednesday, CEO Pascal Gauthier said the French hardware wallet provider fell victim to a large scale data breach from an unauthorized third party.
- The hacker, whose identity remains unknown, gained access to Ledger's e-commerce and marketing database.
- Customers affected include those who signed up to Ledger's newsletter or receive promotional material.
- Information stolen included email addresses, with a smaller "subset" of 9,500 customers also having their full names, postal addresses, and phone numbers exposed.
- In total, the company estimates around one million email addresses have been stolen.
- Payment information, passwords, and cryptocurrency funds have not been affected.
- The data breach was first detected as part of a bug bounty program on July 14; Ledger estimates the data may have been exposed from April until the end of June.
- The wallet provider has now alerted the French authorities and is filing a complaint with the public prosecutor.
- Ledger said they have not found customer information disseminated online nor have they received any ransom demands.
See also: Coincheck Customers Fall Victim to Data Breach After Domain Account Error