Ledger won’t compensate users affected by data leak: CEO

Digital currency hardware wallet firm Ledger will not reimburse users who were affected by its data breach, the CEO has confirmed. In a recent interview, Pascal Gauthier stated that with the magnitude of the hacked users, compensation would sink his company financially.

Hackers attacked Ledger in late June, stealing the email addresses of 1 million customers. At the time, the Paris-based company claimed that the hackers had only stolen additional information such as home addresses and phone numbers for just 9,500 users. However, as CoinGeek reported, the hackers published personal information for 272,000 Ledger users recently on a dark web forum.

Now, the CEO has revealed that Ledger has no intention of compensating the affected uses. Speaking to Decrypt, he claimed that his company isn’t financially capable of reimbursing all the users.

He stated, “When you have a data breach of this magnitude for such a small company, we won’t reimburse for a million users, all the devices, that’s just not possible. It would just kill the company.”

Instead, Ledger is focusing on the future, putting systems in place that will ensure such a breach doesn’t recur, Gauthier told the outlet.

The CEO’s comments come at a time when cybercriminals have stepped up their attacks against the Ledger users. Initially, the criminals only targeted the users through spear-phishing attacks to steal their credentials. This has now changed with the release of the 272,000 users’ personal information.

As several users have revealed on Twitter and Reddit, the criminals are now threatening to invade the users’ homes. In one sample email of a threat to a Ledger user, the criminal states:

“…I have recently become aware of your cryptocurrency holdings. I also live in (redacted) and I also know that you live at (redacted). I’m not afraid to invade your home. I’m offering you $500 (shouldn’t be too much to you considering the recent pump) to leave you alone.”

The email goes on to threaten the user that failure to pay will force the criminal to invade his house and inflict physical harm.

The Ledger CEO, however, dismissed these threats as empty. The database has been out for close to six months and nobody has yet to report a related attack, he claimed. Nevertheless, users should take precautions such as not storing private keys in their homes.

“Would you keep a million dollar in cash at home? If you have that much wealth, you shouldn’t keep it in your house.”

Already, Ledger users have reported losing their digital currency holdings to these hackers. As one users narrated on Twitter, the hackers changed his passwords on Coinbase, Binance and Dropbox. They then went on to steal $2,000 worth of digital currencies from his Coinbase Pro account before he could reclaim control of his online identity.

@ledger is hacked, and the next day I have my sim hacked! WTF. Its currently happening. No service on my phone, they got into authenticator app and are requesting password changes to several sites including @coinbase. #crypto Not even sure what to do.

— Jimbo Chewdip (@jimbochewdip) December 22, 2020

See also: CoinGeek Live panel on the Future of Digital Asset Security & Custody