Ledger users file a class-action lawsuit against Shopify over a data breach

on Apr 5, 2022
  • Ledger users have filed a class-action lawsuit against Shopify.
  • The lawsuit claims that Shopify failed to alert customers as soon as the data breach happened.
  • The plaintiffs are seeking monetary compensation for the damages caused by the breach.

Follow Invezz on Telegram, Twitter, and Google News for instant updates >

Shopify, a leading global eCommerce platform, faces a class-action lawsuit filed by users of the Ledger hardware wallet. The lawsuit stems from a major data breach that happened in 2020.

Shopify faces a class-action lawsuit

The class-action lawsuit was filed at the US District Court of Delaware on April 1. The lawsuit states that Shopify failed to protect the identities of its customers. The plaintiffs hold Shopify and TaskUs, a third-party data consultant, responsible for leaking personally identifiable information (PII) of Ledger customers.

The lawsuit further says that Shopify and TaskUs were aware of the data breach for a week before alerting customers. The plaintiffs want Ledger and Shopify to disclose the nature of the leaked information. They also want monetary compensation for the damages.

Ledger is added as a defendant in the case, with the plaintiffs saying that the company failed to uphold user security as promised in its marketing. The lawsuit states that Ledger had “initially denied that any compromise of PII had occurred” but later changed the statement and admitted the leak.

The lawsuit said,

Despite the repeated promises and worldwide advertising campaign touting unmatched security for its customers, Ledger – and its data processing vendors, Shopify and TaskUs – repeatedly and profoundly failed to protect its customers’ identities, causing targeted attacks on thousands of customers’ crypto-assets and causing Class members to receive far less security than they thought they had purchased with their Ledger Wallets.

Ledger 2020 hack

Ledger partnered with Shopify to run an online store for its website. This gave Shopify access to customers’ PII on the Ledger database. TaskUs also had access to Ledger’s customer data because the former is used by Shopify to provide customer support.

In 2020, a massive data breach happened, where the information of around 272,000 Ledger users and more than 1 million email subscribers to the Ledger newsletter. The hackers used these details to run a massive phishing campaign, which led to some Ledger users losing their cryptocurrencies.

A similar data breach happened recently on the Trezor hardware wallet, where hackers used the MailChimp email marketing service provider to access Trezor’s email list and launch a phishing campaign.


Get started in crypto easily by following crypto signals & charts by pro-trader Lisa N Edwards. Sign-up today for easy-to-follow trades for tonnes of altcoins at GSIC.