Background
Ledger, a popular hardware wallet provider for cryptocurrency, recently experienced a security breach that led to the exposure of customer data. In response to the incident, the CEO and Chairman of Ledger, Pascal Gauthier, has provided an explanation of the hack and assured customers that it was an isolated incident. The company is now actively working with law enforcement agencies to identify the culprit and hold them accountable.
The Hack and Customer Data Exposure
According to Gauthier, the attack on Ledger’s infrastructure occurred in June of 2020. The attacker gained unauthorized access to the company’s e-commerce and marketing databases, which contained information such as customer names, email addresses, and even some postal addresses and phone numbers. Importantly, the hacker did not gain access to sensitive data like customer funds or private keys, which are stored separately in a secure element chip.
Response and Mitigation Measures
As soon as Ledger became aware of the breach, they took immediate action to address the situation. They patched the vulnerability that was exploited and conducted a thorough investigation to identify the extent of the breach and the potential impact on customers. The company also enlisted the help of third-party forensic experts to assist in the investigation.
In addition, Ledger has implemented enhanced security measures to prevent similar incidents from happening in the future. These measures include:
– Implementing a bug bounty program to encourage ethical hackers to identify vulnerabilities and report them for a reward.
– Conducting ongoing security assessments and audits of their infrastructure to ensure the highest level of protection.
– Introducing a new mechanism called “Ledger Live” that allows customers to directly manage their assets without sharing sensitive data with the company.
Customer Communications and Support
Ledger has been proactive in transparently communicating with its customers about the hack and providing them with guidance on how to protect themselves. The company has regularly updated their website with information about the incident, including an FAQ section to address common customer concerns.
Ledger has also advised customers on how to be vigilant against phishing attempts that may arise as a result of the exposed customer data. By recommending best practices such as never sharing their 24-word recovery phrase and being cautious of unsolicited communications, the company aims to empower customers to take proactive steps to safeguard their assets.
Working with Law Enforcement
Ledger is actively collaborating with law enforcement agencies to identify and bring the hacker responsible for the breach to justice. Gauthier emphasizes the severity of the attack and the company’s commitment to pursuing legal action against the attacker. Ledger is determined to protect its customers and ensure that the perpetrator is held accountable for their actions.
In conclusion, Ledger’s CEO and Chairman, Pascal Gauthier, has provided an explanation of the recent security breach that led to the exposure of customer data. The company has taken immediate action to address the issue and prevent similar incidents in the future. Ledger has engaged with customers by providing regular updates, guidance, and advice on how to protect themselves. Furthermore, the company is actively cooperating with law enforcement agencies to identify and bring the hacker to justice.