The class-action lawsuit filed against Shopify allegedly accuses the e-commerce platform of deliberately concealing the information on the data breach from its users for over a week.
Shopify and Ledger, a hardware wallet company, are facing a huge legal battle after a group of Ledger customers filed a class action complaint accusing them of failing to prevent a large data breach in 2020.
Shopify deliberately withheld informaton from its users
The class action against the e-commerce giant revealed that it deliberately withheld information from its users. According to the lawsuit filed against the commerse giant in the United States District Court in Delaware on the 1st of April 2022, they “repeatedly and profoundly failed to protect the identity of its customers.”
Plaintiffs accuse the e-commerce giant and its third-party data consultancy TaskUs of leaking personally identifiable information (PII) from Ledger customers despite marketing assurances that the Shopify platform would be entirely safe.
According to the plaintiffs, the e-commerce firm and TaskUs were aware of the data breach for more than a week before informing consumers. They alleged that Ledger and the e-commerce firm divulge the specific sort of information that was compromised, as well as a monetary judgment covering both actual and punitive damages.
Ledger, a firm based in France, is also mentioned as a defendant in the class action for promising customers security in its marketing. According to the complaint, Ledger “initially denied that any compromise of PII had occurred,” but was forced to backtrack and allude to the leak and Shopify in an email notification when the company was exposed.
“Despite the repeated promises and worldwide advertising campaign touting unmatched security for its customers, Ledger—and its data processing vendors, Shopify and TaskUs—repeatedly and profoundly failed to protect its customers’ identities, causing targeted attacks on thousands of customers’ crypto-assets and causing Class members to receive far less security than they thought they had purchased with their Ledger Wallets.”
According to the lawsuit, Ledger employed Shopify to handle its online business. The e-commerce giant had direct access to customers’ PII on the Ledger database as a result of this partnership. Shopify utilizes TaskUs to provide customer care, therefore it has access to Ledger’s customer data as well.
In 2020, hackers stole the personal information of about one million Ledger newsletter email subscribers and around 272,000 Ledger users. Following that, a massive phishing and intimidation operation targeted owners of the De Ledger led to the loss of crypto-assets by some victims.
This isn’t the first lawsuit against Shopify and Ledger
This isn’t the first time that Ledger and Shopify have been sued for the data leak. Another set of litigants filed suit in California in April 2021. In that case, Shopify and Ledger were accused of “negligently allowing, carelessly ignoring, and then willfully seeking to hide” claims identical to those made in the new Delaware filing.
Trezor, a hardware wallet company, was the subject of a phishing attempt on April 2 that used marketing services provider MailChimp to target its users. Trezor revealed that there had been a data breach in a Tweet on April 3. Users were notified that the firm would no longer communicate through the newsletter and that three of its domains will be shut down.