Shopify, Ledger dodge class action as California court dismisses 2020 data breach lawsuit

Shopify

A California court has dismissed a proposed class-action lawsuit against Shopify and Ledger over a 2020 Shopify data breach that impacted both companies, on jurisdictional grounds.

The judge found that the US court lacks jurisdiction over Canada-based Shopify or France-based Ledger.

French cryptocurrency wallet provider Ledger was impacted by Shopify’s data breach, which exposed data from 292,000 of its own customers. The two firms were named as defendants in a suit filed in April in a Northern California court by plaintiffs John Chu and Edward Baton on behalf of Ledger users.

The proposed class-action lawsuit claimed several Ledger users lost their cryptocurrency in phishing campaigns due to their personal data being leaked as a part of this breach.

On November 8, Judge Edward Chen ruled in favour of Shopify and Ledger’s motion to dismiss the lawsuit, after finding that the United States-based court does not have jurisdiction over Shopify or Ledger, given that the two companies are headquartered in Canada and France, respectively.

In September 2020, Shopify revealed that two employees were behind a data breach that had affected some of the merchants on its e-commerce platform. At the time, the company stated “less than 200 merchants” were affected by the incident, which Shopify said saw contact information like emails, names, addresses and order details such as products and services purchased improperly accessed.

RELATED: Shopify, Ledger named in new class-action lawsuit following 2020 data breach

Shopify claimed that following an investigation, the company determined the breach was the result of efforts by two “rogue members” of its support team to obtain the customer transactional records of specific merchants. Following this discovery, the retail giant said it immediately terminated the individuals’ access to the Shopify network and contacted law enforcement.

In January 2021, Ledger published a statement on its website revealing that it was affected by this breach as part of a “small number” of Shopify merchants that were found to have been affected by the data breach, in addition to the “less than 200” merchants that Shopify originally identified in September 2020.

Feature image courtesy of Shopify

Josh Scott

Josh Scott

Josh Scott is a BetaKit staff writer who loves to tell Canadian business and tech stories. His coverage is more complete than his moustache.