Ledger discloses that in 2020 their e-commerce database was breached, exposing over one million customer email addresses and approximately 272,000 customers' full name, phone number, and postal address.
This analysis describes what Ledger's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Data breach notification provisions create operational requirements for entities to communicate security incidents to affected parties, establishing a procedural framework for incident response and regulatory compliance. This mechanism serves to ensure timely informational delivery regarding unauthorized access or compromise of personal data.
The updated policy removes explicit language stating that Ledger Recover and Ledger Multisig services are excluded from this privacy policy. Previously, users were directed to separate privacy policies for those services; that direction is now absent. This creates ambiguity about whether this policy now covers those services or whether separate policies still apply. The dramatic reduction in policy length (from 224 to 36 sentences) suggests substantial content was removed, though the specific implications depend on what other sections were condensed or eliminated. You should review the full updated policy to confirm what data practices and service exclusions remain in effect for all Ledger services you use.
View change record →Ledger removed language explicitly stating that this privacy policy does not cover Ledger Recover and Ledger Multisig services, and eliminated references to dedicated privacy policies for those services. This creates ambiguity about whether those services are now governed by the main privacy policy or whether separate policies exist but are no longer disclosed in this document. If you use Ledger Recover or Ledger Multisig, you should review the privacy disclosures for those specific services directly, as it is no longer clear from the main privacy policy whether separate protections apply.
View change record →Customers who purchased Ledger products before July 2020 may have had their personal data exposed, and this information has been circulated online, posing ongoing identity and security risks.
How other platforms handle this
We may access, preserve, and share information with regulators, law enforcement, or others if we believe it is reasonably necessary to: detect, prevent, and address fraud and other illegal activity; protect ourselves, you, and others, including as part of investigations; and prevent death or imminen...
We will share individual user information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to: meet any applicable law, regulation, legal process or enforceable govern...
11 Inferences Conclusions that could be used to create a profile reflecting an individual's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitude. YES. YES
Monitoring
Ledger has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
The breach triggers mandatory notification obligations under GDPR Article 33-34 and represents material compliance exposure; legal teams should assess whether remediation measures described in the policy meet regulatory adequacy standards.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Data breach notification provisions create operational requirements for entities to communicate security incidents to affected parties, establishing a procedural framework for incident response and regulatory compliance. This mechanism serves to ensure timely informational delivery regarding unauthorized access or compromise of personal data.
Customers who purchased Ledger products before July 2020 may have had their personal data exposed, and this information has been circulated online, posing ongoing identity and security risks.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Ledger.