In this interview, I talk to Ledger CEO, Pascal Gauthier. We discuss the data breach, their disclosure of the hack, how they communicated with those affected and their plans moving forwards.

00:04:15 Introductions
00:05:40 What customer data Ledger store
00:07:13 Your crypto information is safe
00:08:12 Wallet data
00:09:09 Data stored for tax reasons
00:09:50 GDPR compliance and data removal request
00:10:13 The story of what happened
00:14:34 How the breach occurred
00:17:09 Process change and future prevention
00:18:53 White hat and black hat hackers
00:19:56 Full transparency to all customers
00:20:47 Phishing attacks
00:21:56 Lessons learned
00:22:55 Ledger product security
00:25:21 Question is Use Ledger Live safe?
00:25:39 Question what are the risks to look out for?
00:26:23 Question any security recommendations?
00:30:33 Peter's security measures
00:33:36 Ledger bringing multisig in 2021
00:36:34 Regulations surrounding storing data
00:37:57 Ledger staff morale
00:39:26 Rebuilding customer confidence
00:40:37 Peter's suggestions for Ledger
00:45:47 #StopTheScammers
00:46:49 Question Where does the liability lie?
00:48:50 Following GDPR breach protocol
00:50:29 Final comments

WHERE TO FIND THE SHOW
→ My website: https://www.whatbitcoindid.com/podcast/
→ iTunes: https://apple.co/2OOlzVV
→ Spotify: https://spoti.fi/2ygc4W1
→ Stitcher: https://bit.ly/2IQO8fX
→ SoundCloud: https://bit.ly/2CGSVQR
→ YouTube: https://bit.ly/3nyi9Ez
→ TuneIn: https://bit.ly/2ywystr

LISTEN TO OLD EPISODES
→ By guest: https://www.whatbitcoindid.com/guests/
→ By topic: https://www.whatbitcoindid.com/topics/
→ Transcriptions: https://www.whatbitcoindid.com/transc...

SUPPORT THE SHOW
→ https://www.whatbitcoindid.com/sponso...
→ Become a Patron:   / whatbitcoindid  
→ Subscribe on iTunes
→ Leave a review on iTunes
→ Share the show out with your friends and family on social media
→ Drop me a line on [email protected]

WHERE TO FOLLOW ME:
→ Twitter:   / whatbitcoindid  
→ Medium:   / whatbitcoindid  
→ Instagram:   / whatbitcoindid  
→ Facebook:   / whatbitcoindid  
→ YouTube:    / whatbitcoindidpodcast  
→ Website: https://www.whatbitcoindid.com/
→ Email list: https://www.whatbitcoindid.com/subscr...

LEARN ABOUT BITCOIN & CRYPTO:
→ Step by Step Guide: https://www.whatbitcoindid.com/beginn...
→ Training: https://www.whatbitcoindid.com/training/
→ Resources: https://www.whatbitcoindid.com/resour...

****

“I can never repeat enough that we are sorry, but sadly we cannot go back in time and undo it… now we focus on the present and the future.”
— Pascal Gauthier

Location: Remotely
Date: Monday 21st December
Company: Ledger
Role: CEO

In July of this year, Ledger was made aware of a data breach on their website. Their initial statement read: "consisting mostly of email addresses, but with a subset including also contact and order details such as first and last name, postal address, email address and phone number."

Since then customers have been subject to a range of phishing attempts with scammers sending fraudulent emails claiming that their "cryptocurrency assets are at risk", prompting them to download the latest version of Ledger Live. This fake version would then ask for the user's seed words.

To make this data breach worse, what was initially reported by Ledger as 9,500 customers personal details (including physical addresses) was actually over 270,000. Yesterday both that list, along with over one million customer email addresses, was uploaded to RaidForums for anyone to download. Since the dump, there has been an increase in phishing attempts, including a new threat of physical attacks.

In this interview, I talk to Ledger CEO, Pascal Gauthier. We discuss the data breach, their disclosure of the hack, how they communicated with those affected and their plans moving forwards.