Expert Commentary: Ledger Suffered Data Breach, Names, Phone Numbers, Postal Addresses Leaked

By   ISBuzz Team
Writer , Information Security Buzz | Jul 31, 2020 01:01 am PST

France-based major hardware wallet provider Ledger has admitted it suffered a data breach on June 17 that appears to have allowed a “third party” access to at least 1 million of its users’ contact details. The firm took to Twitter to state that its marketing and e-commerce database was compromised through a third party’s API key that was misconfigured on their website, exposing its customers’ contact details and order information, although Ledger claimed that there was no spill of crypto holdings or client transaction information.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Chris DeRamus
Chris DeRamus , VP of Technology Cloud Security Practice
July 31, 2020 9:02 am

Cryptocurrency is an incredibly sensitive industry when it comes to data breaches. Although Ledger has reported that payment info, passwords, and cryptocurrency funds were not affected, it will affect customer trust knowing their personal data was left unprotected. It is crucial to ensure that all sensitive information – from email addresses to cryptocurrency funds – is secure and kept out of the hands of threat actors.

To ensure that a company database is secured, businesses should have Identity Access Management (IAM) governance in place. Businesses should follow the principle of least-privileged access when provisioning IAM permissions by providing checks to restrict identities from being able to access beyond their systems. This is possible by implementing automated security tools that continually protect systems and servers from IAM vulnerabilities, as well as misconfigurations, policy violations, and other threats to ensure total security and compliance.

Last edited 3 years ago by Chris DeRamus

Recent Posts

Would love your thoughts, please comment.x