Ledger suffers data breach, personal data leaked (Includes interview)

In response to the incident, Ledger took to Twitter to state that its marketing and e-commerce database was compromised through a third party’s API key that was misconfigured on their website. This set-up error led to the website exposing its customers’ contact details and order information.

Whilst reporting on the exposed data, Ledger has claimed that there was no spill of cryptocurrency holdings or client transaction information.

Looking into the issue for Digital Journal is Chris DeRamus, who is the VP of Technology, Cloud Security Practice, Rapid7.

DeRamus begins by explaining why this particular data loss is so significant, which comes down to what the website was trading in. DeRamus says: “Cryptocurrency is an incredibly sensitive industry when it comes to data breaches. Although Ledger has reported that payment info, passwords, and cryptocurrency funds were not affected, it will affect customer trust knowing their personal data was left unprotected. It is crucial to ensure that all sensitive information – from email addresses to cryptocurrency funds – is secure and kept out of the hands of threat actors.”

In terms of ensuring that these types of data losses do not happen again, DeRamus recommends new security protocols. According to DeRamus: “To ensure that a company database is secured, businesses should have Identity Access Management (IAM) governance in place.”

IAM governance (IAG) is a process that allows organizations to monitor and ensure that identities and security rights are correct, as well as managed effectively and securely.

In addition, he is of the view that: “Businesses should follow the principle of least-privileged access when provisioning IAM permissions by providing checks to restrict identities from being able to access beyond their systems.”

DeRamus explains further that “This is possible by implementing automated security tools that continually protect systems and servers from IAM vulnerabilities, as well as misconfigurations, policy violations, and other threats to ensure total security and compliance.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
