Ledger Security Notice-Ecommerce and Marketing data have been exposed-Funds Ok

[erikoy]

Sure it's really likely that the database wouldn't be given to some criminals(or publicly leaked) today or tomorrow, but yea this is something people shouldn't set aside for the meantime and deal with it in the future instead; which I assume people are doing.

Anyway, this shouldn't solely be a $5 wrench issue. The data being publicly available also means the government is going to know which people actually poses bitcoin and cryptocurrencies; which is also definitely a bad thing.

I think government could not do harm to their community wether holding crypto or not. But I guess the real problem is all about misuse of the identity being taken from the said event. It is likely a big problem to those individuals especially if their identity will be use for criminal activities and get drag into it by the misuse of the criminals. I have obeserve that government does not really rely based on stories when they caught a suspect. They rely on the evidences and identity being exposed of the crime.

[mk4]

I think government could not do harm to their community wether holding crypto or not.

You'd be surprised what a certain country's government would do just to get what they want. Probably safe for now since most countries are pretty chill with bitcoin and cryptocurrencies in general, but wait til some of them enforces strict rules.

[20kevin20]

A random shower thought I just had: would e-mailing these companies and kindly asking them to erase all the data they stored about you be a good idea to consider for future orders/accounts we make? I think it does increase the chances of not being part of future data leaks/hacks, or it at least decreases the amount of information one could steal.. especially for orders from companies such as Ledger, from where you rarely place orders at all.

[DdmrDdmr]

<…>

An email demanding such course of action would likely not be taken seriously (meaning by that, executed correctly) unless the corporation has a properly tested inner protocol already established for such cases, and the jurisdiction they are under covers the event.

For example GDPR allows you to demand your personal data to be deleted, but there are many things to consider in the equation. A purchase order can be considered as a financial contract, and financial contracts need to be stored for a certain amount of years, superseding GDPR. Additionally, backups are another potentially exploitable weak point (and that is one hell of a job to delete from a backup in general).

Even so, if one is concerned, and the case here raises awareness and concerns, one is always entitled to try and see what kind of response they get, alongside the guarantees that the deletion actually takes place (if at all).

[cryptoaddictchie]

If you received an official email from them, then you are one of the 9,500 customers affected by the hack.

Hello maybe yes, but there is a confirmation message which DmdrDmdr saw on twitter. There is unique email that will be sent a second one with the specific leaked on each user. Ive just recently bought my ledger so Ive expect my email used could be included ( hope not) but I followed up a message to them confirming and just waiting their response.

Ok, thanks. Good to know that those 9.500 customers involved in the personal data breach were explicitly informed on which specific data was involved. This was done through a second email, distinct from the one reflected in the OP

no way to target big holders -- the chances seem remote.

This is reassuring. Not really a big holder, emailed leaked is really frustrating especially if its your personal email that was used in purchasing the unit.