Bitcoin Then and Now: From $9,000 to $108,000 — the Stakes Have Never Been Higher

When Ledger’s massive data breach occurred in mid-2020, Bitcoin traded at just around $9,000. Today, it’s above $108,000. That means many of those whose addresses were leaked in that breach now sit on fortunes — and have become literal targets.

This isn’t just a data privacy story. It’s a story of physical danger, blackmail, and attempted extortion — enabled by Ledger’s failure to protect its customers.

Two Data Breaches, Zero Accountability (Until Now)

Ledger has publicly admitted to two separate data leaks:

1. The Shopify Leak – Insider employees were bribed to exfiltrate Ledger’s customer database via its e-commerce backend.
   
2. The Iterable/Diff Leak – The marketing platform used by Ledger had an insecure API that was scraped for customer data.
   

At least, the Iterable/Diff Leak exposed:

• Names
  
• Email addresses
  
• Phone numbers
  
• Full home addresses
  

The result? Over 270,000 Ledger customers were doxxed and added to dark web lists.

Real-World Consequences: Extortion, Home Invasions, and Violence

Many victims received phishing emails and SIM swap attempts. But in some cases, it went far beyond that.

According to international press reports and anecdotal disclosures, Ledger users have been subject to home invasions and physical threats. Some cases involve attempted kidnappings, and in at least one verified incident, a victim had a finger cut off by assailants trying to access their hardware wallet.

Even Ledger’s own executive team has been targeted. In one case, a founder was reportedly followed and harassed near their home.

This is the direct human cost of a company failing to encrypt or segregate sensitive user data. When someone’s full address and identity is connected to their crypto holdings, they become vulnerable — in real life.

Legal Progress: CNIL Fines Ledger €750,000 — Austrian Courts Lead the Way

Ledger’s attempt to downplay the breach has now met serious legal resistance:

• France’s CNIL fined Ledger €750,000 for violations of GDPR and failing to secure user data.
  
• Austria has seen multiple settlements — Ledger has already paid out in several cases brought by customers.
  
• Germany is next. While outcomes have been mixed so far, additional lawsuits are pending and one settlement has been achieved.
  
• Liechtenstein and EU-wide class actions are ramping up, including coordination with GDPR representatives under the Collective Redress Directive.
  

We at Litigation Financing DAO have already initiated lawsuits and over 1,000 more are in preparation.

No Legal Insurance? No Problem.

Our model is simple:

• We cover 100% of the cost of litigation: court fees, lawyers, expert witnesses.
  
• You only pay if we win — with a fixed success fee (no hidden clauses).
  
• No risk. No upfront payment. No need to have legal insurance.
  

You can be anywhere in the EU, Switzerland, Liechtenstein, or even outside — if your data was leaked by Ledger, you are eligible.

Featured in the Media

Our litigation and investigative work has already been featured in:

• BTC-ECHO: Ledger Leak – Kanzlei Scheiber leitet Sammelklage ein
  
• Legal Insurance coverage claim lawsuit
  

Our Team: Driven By Justice

I, Marcel, am coordinating this through Litigation Financing DAO in partnership with SCHEIBER LAW, one of Europe’s leading data-privacy litigators. Our motivation is personal — family members and colleagues are among the affected, and we’ve seen firsthand what this breach has done to people’s lives.

This is not about “a database leak.” It’s about putting lives at risk — and holding a billion-dollar company accountable.

What You Can Do Now

If your information was leaked by Ledger, even if you’re unsure, you may be entitled to claim damages for non-pecuniary damage (compensation for pain and suffering) and – probably better – to assert liability for future damages

Visit: www.ledger-claim.com
Sign up with or without legal insurance
Pay nothing upfront — we take on the risk

We Are Not Done

This isn’t just a class action. It’s a warning to every company handling sensitive crypto data:
Secure your users, or be held accountable.

With BTC now at $108,000, the people Ledger exposed are no longer small-time investors. They’re whale-sized targets. And we’re making sure their rights — and their safety — are protected.

– Marcel, Litigation Financing DAO 

Photo by rc.xyz NFT gallery on Unsplash

Early in 2020 there has been a serious data leak at the car rental company Buchbinder according to media reports in the computer magazine c’t and the weekly newspaper Zeit. Personal data of three million clients have been leaked and are accessible (unencrypted) for anyone on the internet. According to the media all Buchbinder clients (car renters and drivers) from 2003 to 2020 are affected.

A configuration error on one of Buchbinder´s backup servers has apparently triggered the data leak. This lead to personal data being published on the internet. The following data has been published:

Name
Address
Date of birth
Mobile phone number
E-mail address
Driving licence number
Driving licence issue date
Payment information and bank details

The data was publicly available on the internet. The likelyhood of phishining attempts, blackmail and other fraudulent methods is considered to be very likely. Identity theft cannot be ruled out.

The disclosure of personal data is likely to constitute a serious breach of the GDPR (European Data Protection Regulation). According to Art 82 GDPR, any person who has suffered material or immaterial damage due to a data protection breach is entitled to claim damages against the responsible party, thus against Buchbinder.

Ledger SAS had a major security breach in their online shop in the year 2020. The breach occured in their e-commerce and marketing database with over one million client email adresses and over 290´000 personal client information records. Since 2020, this information is available for everyone on the internet platform.

Ledger SAS clients have been massively affected since the publcation of their personal data on the platform. They receive a huge number of unsolicited advertising e-mails, phone calls from unknown third parties, as well as phishing e-mails and blackmail e-mails or calls almost daily.

Class action for those affected by the Ledger SAS data breach have been filled. It is to be assumed that Ledger SAS violated provisions of the European General Data Protection Regulation (GDPR). Ledger SAS is liable as a data protection controller and affected persons have a claim for damages. Ledger SAS has so far rejected an out-of-court settlement. For this reason, the first lawsuits have now been filed in court (initially in Germany).

The claim for damages asserted in this context due to the refusal to provide information about the data leak (which was in any case delayed) has not yet been ruled by the Innsbruck Regional Court. A preliminary ruling is awaited by the European Court of Justice (ECJ).

The judgments are not yet legally binging.