Cyber Incident Victim: Ledger
Date: Jun 2020
Location: France

Summary
A cryptocurrency wallet provider experienced a security breach compromising its e-commerce and marketing database, exposing one million customer email addresses and personal information including names, addresses, phone numbers, and order details for thousands of individuals. The incident did not affect financial data, passwords, or hardware wallet security. The breach was initially identified through a bug bounty program report, leading to immediate patching, though subsequent investigation revealed prior unauthorized access. The company engaged a cybersecurity firm for forensic analysis and regulatory notification, while undertaking measures to enhance its security framework.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 2 techniques |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
On July 14, 2020, Ledger was alerted to a potential data breach through a researcher participating in its bounty program. The company immediately addressed the vulnerability upon receiving the report and initiated an internal investigation. A week after implementing the fix, Ledger determined that an unauthorized third party had previously exploited the same vulnerability on June 25, 2020, gaining access to the company's e-commerce and marketing database. The breach compromised approximately one million customer email addresses and the personal information of 9,500 customers, including full names, postal addresses, phone numbers, and details of ordered products. Ledger confirmed no financial data, passwords, or cryptocurrency wallet contents were accessed, emphasizing that customer funds stored on hardware wallets remained secure throughout the incident.

Ledger formally notified France's data protection authority (CNIL) of the breach on July 17, 2020. Four days later, on July 21, the company engaged Orange Cyberdefense to conduct forensic analysis, assess the breach's full scope, and strengthen internal security measures. Public disclosure occurred in late July, when the company published an official notice acknowledging the June intrusion and detailing the types of data compromised. The incident exposed affected customers to heightened phishing risk, since the stolen contact details and purchase histories allow attackers to craft convincing, targeted messages. In response to the breach, Ledger announced it was pursuing ISO 27001 certification as part of its security improvement initiatives, though it did not disclose specific technical details about the vulnerability or the attacker's methodology in its public statements.
