Crypto Firm Ledger’s Breach Hits One Million Customers

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Crypto Firm Ledger’s Breach Hits One Million CustomersCrypto-wallet firm Ledger has revealed a major security breach of its e-commerce and marketing database, resulting in the compromise of one million customer email addresses and the personal details of thousands.

Aside from the email addresses, which could be used in follow-on phishing attacks spoofing the brand, the hacker made off with the personally identifiable information (PII) of 9500 customers, including first and last name, postal address, phone number and ordered products.

Ledger was at pains to point out that no financial information or passwords were taken and that the incident doesn’t affect customers’ hardware wallets or stored funds.

The firm said it notified the French data protection regulator CNIL on July 17 and enlisted the help of Orange Cyberdefense four days after that to assess the damage and enhance its internal security posture.

“On July 14, 2020, a researcher participating in our bounty program made us aware of a potential data breach on the Ledger website. We immediately fixed this breach after receiving the researcher’s report and underwent an internal investigation,” the notice read.

“A week after patching the breach, we discovered it had been further exploited on June 25, 2020, by an unauthorized third party who accessed our e-commerce and marketing database.”

The firm added that it was now taking steps towards meeting ISO 27001.

Chris DeRamus, VP of technology at Rapid7’s Cloud Security Practice, argued that despite Ledger’s assurances, the incident will impact customer confidence in the brand.

“It is crucial to ensure that all sensitive information – from email addresses to cryptocurrency funds – is secure and kept out of the hands of threat actors,” he added.

“To ensure that a company database is secured, businesses should have Identity Access Management (IAM) governance in place. They should follow the principle of least-privileged access when provisioning IAM permissions by providing checks to restrict identities from being able to access beyond their systems.”

X ITM Cloud News

Catarina

Leave a Reply

Next Post

US lawmakers grill big tech chiefs over market power

Fri Jul 31 , 2020
Spread the love          X ITM Cloud News
X- ITM

Cloud Computing – Consultancy – Development – Hosting – APIs – Legacy Systems

X-ITM Technology helps our customers across the entire enterprise technology stack with differentiated industry solutions. We modernize IT, optimize data architectures, and make everything secure, scalable and orchestrated across public, private and hybrid clouds.

This image has an empty alt attribute; its file name is x-itmdc.jpg

The enterprise technology stack includes ITO; Cloud and Security Services; Applications and Industry IP; Data, Analytics and Engineering Services; and Advisory.

Watch an animation of  X-ITM‘s Enterprise Technology Stack

We combine years of experience running mission-critical systems with the latest digital innovations to deliver better business outcomes and new levels of performance, competitiveness and experiences for our customers and their stakeholders.

X-ITM invests in three key drivers of growth: People, Customers and Operational Execution.

The company’s global scale, talent and innovation platforms serve 6,000 private and public-sector clients in 70 countries.

X-ITM’s extensive partner network helps drive collaboration and leverage technology independence. The company has established more than 200 industry-leading global Partner Network relationships, including 15 strategic partners: Amazon Web Services, AT&T, Dell Technologies, Google Cloud, HCL, HP, HPE, IBM, Micro Focus, Microsoft, Oracle, PwC, SAP, ServiceNow and VMware

.

X ITM