ledger.com
Jul 29, 2020
A breach of Ledger, a French hardware cryptocurrency wallet manufacturer. The breach exposed two categories of data: a large list of email addresses belonging to newsletter/marketing subscribers (~1 million), and a more sensitive dataset of customer order records (~272,000) containing full names, physical mailing addresses, email addresses, and phone numbers. The order data was particularly sensitive as it exposed the physical locations of cryptocurrency hardware wallet owners, making them potential targets for physical theft or targeted attacks. The data was originally stolen in June/July 2020 via a misconfigured API on Ledger's e-commerce platform and later dumped publicly on RaidForums in December 2020. This archive appears to be a redistribution via BreachForums.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
All_Emails__Subscription_.txt1 column1,075,368 rows
File structure
Format: CSV·Delimiter: ·Has header: no·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | high | All values are valid email addresses; single-column flat file with no header, consistent with Ledger's ~1M marketing/newsletter subscriber email list |
Notes: This appears to be the smaller-sensitivity subset of the Ledger breach: a flat list of email addresses only, one per line, no delimiter other than newline. No other PII fields (name, address, phone) are present in these 50 rows, consistent with the newsletter/marketing subscriber extract (~1M records) rather than the more sensitive order dataset (~272K records) which contained full names, physical addresses, and phone numbers. The absence of headers is typical of bulk email dumps redistributed via RaidForums/BreachForums.
Breached_Info.txt1 rows
File structure
Notes: This file is free-form prose text (README/disclaimer), not structured PII records. It contains only general text about the breach source and context, with no delimited columns or consistent record structure. No importable PII data present.
Ledger_Orders__Buyers__only.txt8 columns272,852 rows
File structure
Format: CSV·Delimiter: pipe·Has header: no·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | high | first field in every row contains a valid email address | |
| 1 | fullName | high | second field consistently contains a person's full name (first + last, sometimes with mixed case) |
| 2 | address1 | high | third field contains street address, building name, or primary address line |
| 3 | address2 | high | fourth field contains secondary address info (apt number, suite, floor, additional street line, or city+state+zip for simple addresses) |
| 4 | address2 | medium | fifth field present in multi-line addresses; contains city/state/zip or tertiary address line depending on record length |
| 5 | address2 | medium | sixth field present in longer addresses; contains additional address continuation or city/state/zip block |
| -1 | phone | high | last field in every row contains a phone number, often with country code prefix or local formatting |
| -2 | country | high | second-to-last field in every row contains country name (e.g. 'United States', 'Germany', 'Canada', 'Austria') |
Notes: This file has no header row. The delimiter is pipe (|). Row length varies from 6 to 8 fields due to multi-line international addresses — some records include company names, building/floor details, or P.O. boxes as extra address continuation fields. Email is always column 0, fullName always column 1, phone always the final column, country always second-to-last. All middle columns (2 through n-2) represent address lines and should be treated as address1/address2 overflow. No DOB, SSN, username, or password fields are present — consistent with the Ledger order data breach profile (name, email, physical address, phone). The physical address exposure is the primary sensitivity concern given that these are cryptocurrency hardware wallet purchasers.