Ledger Will Not Refund Customers
On social media, Ledger customers have demanded refunds saying the company has failed to maintain their assets’ security.
.@Ledger I want damages being paid for the grievance and total invasion of privacy we witness thank to your company’s wrongdoing.
Please DM me for arranging compensation in order to avoid a civil lawsuit.#SueLedger
— Kim de Vos (@kim0raku) December 21, 2020
CEO Gauthier dismissed the refunds, adding that the company should instead spend money on improving their products’ security standards.
Gauthier added that Ledger is further enhancing its data security by testing all of its systems, conducting another bug bounty, and spreading awareness of the ongoing phishing attacks.
“That’s precisely Ledger’s mission: we continuously invest to improve security standards. That’s also why we won’t be refunding customers like some have suggested,” Gauthier wrote.
Addressing the concerns about physical security threats of more than 270,000 affected Ledger customers, Gauthier said it is better to avoid self-custody of private keys.
The CEO said that if clients hold a large amount of money in cryptocurrency, it is better to store the private keys in a bank vault instead of keeping them at home.
“Do not keep your Recovery sheet in a safe at home. A bank vault is much more secure. Not having immediate access to your backup increases your resilience to physical threats,” Gauthier said in the message.
Ledger Is Hiring New Cybersecurity Team
Gauthier further announced that the company had hired a new Chief Information Security Officer (CISO) to improve security standards.
We’re trying to be as reactive as possible to ensure the situation doesn’t repeat itself. We have hired a new Chief Information Security Officer (CISO) and executed penetration tests & forensic analysis to test these and find additional vulnerabilities on our e-commerce systems.
— Ledger (@Ledger) December 22, 2020
The new CISO Matt Johnson is a former Group Chief Security Officer at the fintech company Ingenico and will be joining Ledger in January. Gauthier also said the company is looking for “world-class” security talent to support the new security leader.
However, Gauthier failed to explain why it took the company more than five months since the data breach to hire a data security officer.