Plaintiffs filed suit in the District Court for the District of Delaware against Shopify Inc. and TaskUs Inc., alleging that the companies failed to implement measures to prevent a data breach that resulted in a breach of their personal information and cryptocurrency portfolios.

The breach occurred in 2020 and affected Leger SAS cryptocurrency hardware wallets, which had contracted with third-party vendors Shopify and TaskUs to process its customers’ personal information. The breach affected 272,000 individuals’ names, email addresses, postal addresses, and phone numbers.

The complaint alleges that the affected personal information was published online. It was also alleged that some individuals were faced with physical violence or blackmail threats if they did not transfer their crypto assets to the cybercriminals, which led to millions of dollars in cryptocurrency stolen.

The complaint includes allegations of negligence, unjust enrichment, violations of Florida’s Deceptive and Unfair Trade Practices Act, violations of the North Carolina Unfair and Deceptive Trade Practices Act, violations of the Arizona Consumer Fraud Act, and violations of the Kentucky Consumer Protection Act.

Furthermore, the complaint alleges that phishing attempts were made by hackers posing as Ledger support team members and asking Ledger customers to download a fake version of the Ledger Live software.

Plaintiffs are seeking injunctive relief requiring Shopify and TaskUs to implement security safeguards to protect consumers’ personal information as well as direct damages, punitive damages, compensatory damages, statutory damages, and attorneys’ fees and costs.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.