Popular cryptocurrency hardware wallet provider Ledger has suffered a security breach, with more than one million email addresses being stolen.
The attack, according to Ledger CEO Pascal Gauthier, was from an unauthorised third party and reportedly went on for more than two months.
Customers affected by the breach include those who signed up to newsletters and promotional material, as well as 9,500 customers that had their full names, postal addresses and phone numbers stolen.
In a note to customers via email, Gauthier said: “Our ecommerce and marketing database leaked, we immediately fixed the breach. Contact and order details were involved. Your funds are safe.”
He then reassured customers by confirming that “payment information, credentials (passwords) or crypto funds are not impacted by this data breach,” before adding that it has no impact on the hardware wallets or Ledger Live application.
Outlining the next steps, he continued: “We have taken immediate action on 14th of July 2020, to resolve the data breach.
We take privacy very seriously. Regardless of all we did to avoid and fix this situation, we sincerely apologize for the inconvenience that this matter may cause you.
— Ledger (@Ledger) July 29, 2020
“On the 17th of July, we notified the CNIL — the French Data Protection Authority — about this data breach and are continuing to work with authorities throughout the legal process.
“We are continuously monitoring for evidence of our customers’ contact details being disclosed on the internet, and have found none thus far. We also performed an internal penetration test.
“We are currently in the process of filing a complaint before the French public prosecutor regarding the unauthorised access and we will support law enforcement investigation.
“We are extremely regretful for this incident. We take privacy very seriously, and we sincerely apologise for the inconvenience this matter may cause you.”
For more news, guides and cryptocurrency analysis, click here.