Plaintiffs filed an action in the District Court for the District of Delaware against Shopify Inc. and TaskUs Inc., alleging that the companies failed to implement measures to prevent a data breach resulting in a breach of their personal information and their cryptocurrency wallets.
The breach occurred in 2020 and affected the cryptocurrency hardware wallets of Leger SAS, which had contracted with third-party vendors Shopify and TaskUs to process its customers’ personal information. The breach affected the names, email addresses, mailing addresses and phone numbers of 272,000 people.
The complaint alleges that the personal information concerned was published online. It has also been alleged that some people faced physical abuse or threats of blackmail if they did not transfer their crypto assets to cybercriminals, resulting in the theft of millions of dollars in cryptocurrency.
The complaint includes allegations of negligence, unjust enrichment, violations of Florida Deceptive and Deceptive Trade Practices Act, violations of North Carolina Deceptive and Deceptive Trade Practices Act, violations Arizona consumer fraud law and Kentucky consumer protection law violations.
Additionally, the complaint alleges that phishing attempts were made by hackers posing as members of Ledger’s support team and asking Ledger customers to download a fake version of Ledger Live software.
Plaintiffs seek an injunction requiring Shopify and TaskUs to implement security measures to protect consumers’ personal information as well as direct damages, punitive damages, compensatory damages, statutory damages and legal fees and attorney’s fees.[View source.]