Will ledger go bankrupt?

[LeGaulois]

@bitmover

Additionally,  ledger customers may hold significant amount of bitcoins, potentially good target. While Facebook users are not

As I said in another topic in the French forum, the risk is not so significant as people may think. You can buy an HW wallet as a gift to someone from your friends and family, as a reward for a contest. You may have sold your coins when the market crashed. You may have changed your personal address since
There are so many other things to consider.

Someone would take the risk to come to your home without knowing if you still live there, or if you still hold cryptos, etc? That doesn't make sense or the person is very very hungry.


@ETFbitcoin

It's a bit different since,
1. People know they operate by collecting and selling user's data

Selling user's data to advertising companies is different than having your server hacked and a list published to everybody. When Google+ had an exploit it wasn't selling user data, it was exposing them as a result of a security breach on their servers. The same goes to Amazon and Facebook.

No matter, even if we take the examples I posted earlier from the finance industry, it has to do with the money 'sphere' and information about people.

2. None of their product are security/privacy oriented

I can take a privacy-centric product as another example if you want. How many VPNs, supposed no-log, have suffered a data leak

The European central bank, the US Department of Homeland Security or the IRS data leaks are a lot more important than Ledger, with more possible damages

[o_e_l_e_o]

I can take a privacy-centric product as another example if you want. How many VPNs, supposed no-log, have suffered a data leak

The European central bank, the US Department of Homeland Security or the IRS data leaks are a lot more important than Ledger, with more possible damages

I don't disagree with you at all that other privacy focused products and services have also had data leaked or hacked, and I don't disagree with you at all that there have been other larger and more damaging data leaks.

However, none of that makes what has happened with Ledger OK. It is not sufficient to say "Eh, worse things have happened", and then move on. The fact that Ledger was targeted is not what concerns me. The two things that do concern me are firstly, Ledger were storing full details of a quarter of a million customers in an unencrypted database which was connected to the internet. There are just so many things wrong with that. Why did they have all these unnecessary details? Why were they all in a single database? Why wasn't it encrypted? Why wasn't it secured? Why was it accessible via the internet? Secondly, Ledger either lied about the scale of the data breach, or they were completely unaware of the scale of the data breach until the file went public, and neither of those instill any confidence in me whatsoever. They have made a series of significant security errors followed by a series of significant public relation errors regarding this data leak.

Since I ordered under a pseudonym and drop-off location none of my real details even appear on that database, so the fallout for this literally doesn't affect me at all, but I have still stopped using my Ledger products because of it.

[LeGaulois]

I didn't say it's ok, if you re-read you will see  I was saying worse things have happened (with some examples) yet nobody is shouting. The important point was nobody is shouting anymore after somedays and forget about it. The same thing will happen with Ledger

Why did they have all these unnecessary details?

For accounting or customer service or other things. According to the law, it is mandatory to keep invoices with customers' information and all traces of each and every transaction. It's all the businesses like that, it's just a matter of accounting using a ledger

Why wasn't it secured?

It was, but apparently, not enough, and a (group of) hacker has found a breach in the system. It doesn't mean the system wasn't secured at all

Secondly, Ledger either lied about the scale of the data breach, or they were completely unaware of the scale of the data breach until the file went public, and neither of those instill any confidence in me whatsoever

They didn't lie and had no reason to do so knowing that with the GDPR the company might be in trouble if Ledger had knowingly lied to hide the size of the incident. Not to mention the bad press it would have received.
It's just that Ledger couldn't evaluate accurately the importance of the incident, we can't blame them for that, they did what they could and even hired an outside company to audit.

Their business model is partly based on trust Ledger has no benefit in losing it, on the contrary.

They have made a series of significant security errors followed by a series of significant public relation errors regarding this data leak.

It was a strategic decision if they didn't communicate as the mass thinks they should. No matter the industry, rarely you will see a company communicating 'immediately'