Claim your damage
One of the best-known manufacturers of hardware wallets, Ledger SAS, headquartered in Paris, France, which has so far been able to score points with its customers for high security and ease of use, has been hacked. The cyber attack took place in June 2020 and personal customer data was stolen. The corresponding database with over one million email addresses and personal contact data was published on an internet forum. Since the private keys can only be used by the owners, no cryptocurrencies should have been stolen in the attack.
However, the published information is personal customer contact data that is now online and accessible to everyone. This is the marketing and e-commerce databases, which gave the attackers access to personal contact data. According to Ledger, however, no payment data was affected by the hack. Furthermore, mainly customers from the period June 2020 would be affected.
What should be done now?
All customers who own a Ledger hardware wallet should urgently check whether their data could also be affected by the hack. According to Ledger, around 270,000 customers were affected by the current cyber attack and have already been informed about the incident by email. The exposed data includes email addresses as well as personal contact information such as name, address and phone number.
Since the stolen data is now publicly available on the net, anyone can access it. It is therefore considered very likely that phishing attempts, blackmail and other methods could increase in the coming months. For this reason, it is recommended to carefully check the authenticity of all e-mail correspondence with Ledger. Those affected should now under no circumstances disclose sensitive data such as recovery seeds or passwords.
What legal options do you have to take action against LEDGER?
As far as is known, personal data of almost 300,000 customers were disclosed. Specifically, personal data of the customers, namely first name and surname, address and telephone number were published. The disclosure of the database with thousands of personal data over probably several weeks is likely to constitute a serious violation of the GDPR (European General Data Protection Regulation). According to Art 82 of the GDPR, any person who has suffered material or non-material damage due to a data protection violation is entitled to compensation from the responsible party, i.e. Ledger SAS.
Generally, any person who has suffered material or immaterial damage as a result of a breach of the GDPR is according to its Article 82 entitled to claim damages from the responsible party, ie Ledger SAS. Any data subject can claim reasonable compensation for any breach of the GDPR through the processing of their personal data (non-material damage). The amount of this so-called non-material damage depends on the individual case. It will depend on the impact on the aggrieved person, taking into account the category of data, the gravity and duration of the breach, and the circle and number of recipients of the data. Courts have awarded up to EUR 5,000.00 in comparable cases. If you have even suffered material damage, e.g. through a phishing attack, this damage would have to be compensated. It is advantageous that Ledger SAS would have to prove that it is in no way responsible for the leak.
We will help you to assert your claims.
"Due to the serious data protection breach, customers should definitely be compensated."
- Dr. Florian Scheiber - Attorney at Law
Information about the collection procedure
Due to the large number of applications, the collective procedure is currently closed. However, we will be happy to examine your individual request.