Shopify and Ledger, a hardware wallet company, are embroiled in a huge lawsuit after a group of Ledger customers filed a complaint accusing the companies of failing to prevent a data leak in 2020. The lawsuit, filed on April 1 in the United States District Court for the District of Delaware, claims that Shopify “repeatedly and severely failed to safeguard the identities of its clients.”
Petitioners hold Shopify and its third-party data consultant, TaskUs, liable for disclosing personally-identifying information (PII) of Ledger users despite marketing claims that the Shopify platform is totally safe. According to insiders, the companies were aware of the data leak for more than a week before notifying customers. People want Ledger and Shopify to give the relevant details about the exposed information, a monetary award covering both actual and punitive damages.
In the case, Ledger, based in France, is also listed as a defendant for making marketing promises concerning customer security. According to the complaint, Ledger “at first denied that any PII exposure had happened,” but was eventually forced to admit the breach.
The lawsuit claims that Ledger used Shopify to manage its website’s online commerce. As a result of the collaboration, it got direct access to customers’ personally identifiable information (PII) in Ledger’s database. It uses TaskUs to conduct customer service, therefore it also gets access to Ledger’s customer data.
This is not the first class-action complaint filed against Ledger and Shopify as a result of the data leak. In April 2021, a new set of petitioners filed suit in California. In that case, as in the most recent Delaware filing, Shopify and Ledger were accused of “negligently facilitating, carelessly ignoring, and then willfully seeking to cover up.”
