Ledger · Ledger Privacy Policy

Security Measures and Breach History Context

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Ledger takes steps to protect your data but cannot guarantee it will never be breached — and in fact suffered a major data breach in 2020 affecting over 270,000 customers.

Consumer impact (what this means for users)

Ledger cannot guarantee the security of your personal data, and their 2020 breach — which exposed the names, phone numbers, and home addresses of over 270,000 customers — demonstrates this risk is material, particularly given that this data is linked to cryptocurrency ownership.

Cross-platform context

See how other platforms handle Security Measures and Breach History Context and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This standard disclaimer is particularly significant for Ledger given their documented 2020 breach, which exposed the physical home addresses of over 270,000 customers who were then targeted by phishing campaigns and physical threats — the risk of data exposure here is not theoretical.

View original clause language
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Data security obligations are governed by GDPR Art. 32 (appropriate technical and organisational security measures), with breach notification under Art. 33 (to CNIL within 72 hours) and Art. 34 (to affected individuals without undue delay for high-risk breaches). In the US, FTC Act Section 5 requires reasonable security; state breach notification laws (e.g., California Civil Code §1798.29, NY SHIELD Act, Texas Business & Commerce Code §521) require prompt consumer notification.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has authority to require reasonable data security practices under FTC Act Section 5 and pursues enforcement actions against companies with inadequate data protection.
    File a complaint →
  • State AG
    State Attorneys General have authority to enforce state breach notification laws and data security statutes where Ledger customers are located.
    File a complaint →

Provision details

Document information
Document
Ledger Privacy Policy
Entity
Ledger
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 28, 2026
Record ID
CA-P-003657
Document ID
CA-D-00278
Evidence Provenance
Source URL
https://www.ledger.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
9a6fc1c6566c5db4f79f71e6b92bfb73f8160ea24b52ecc228c23699f2fbc16b
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Ledger | Document: Ledger Privacy Policy | Record: CA-P-003657
Captured: 2026-04-27 15:33:24 UTC | SHA-256: 9a6fc1c6566c5db4…
URL: https://conductatlas.com/platform/ledger/ledger-privacy-policy/security-measures-and-breach-history-context/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document