Global e-commerce platform Shopify and hardware wallet maker Ledger face a major legal hurdle as a group of Ledger users have filed a class-action lawsuit for its part in failing to prevent a massive data breach in 2020.
The suit was filed in the U.S. District Court of Delaware on Apr. 1 and alleges that Shopify “repeatedly and profoundly failed to protect its customers’ identities.”
Shopify and its third-party data consultant TaskUs are being held responsible by complainants for leaking personally identifiable information (PII) of Ledger buyers despite marketing promises assuring the full security of the Shopify platform.
The plaintiffs claim Shopify and TaskUs were aware of the data breach for over a week before notifying customers. They are asking for the exact type of information leaked to be disclosed by Ledger and Shopify and for a monetary reward that covers actual and punitive damages.
France-based Ledger is also included as a defendant in the case for its marketing claims promising customer security. The complaint states that Ledger “initially denied that any compromise of PII had occurred,” but later had to backtrack and refer to the leak and to Shopify in an email notification. The complaint stated:
Hardware wallets, otherwise known as cold wallets, are physical devices that provide crypto users with added security for their private keys and seed phrases. They are marketed to be more secure than hot wallets.
As the complaint alleges, Ledger used Shopify to run its website’s online store. As a result of that relationship, Shopify had direct access to the PII of customers on Ledger’s database. Shopify uses TaskUs to provide customer support services, and therefore it also had access to Ledger’s customer data.
Hackers
Read more on cointelegraph.com