Ledger Data Breach Takeaway: CRM infrastructures need to be rebuilt to preserve brands’ reputation

Frédéric Montagnon, published in Arianee, Jul 31, 2020
Ledger’s Security Notice Email

If my entrepreneurial journey has taught me anything, it is that there is nothing to fear but fear itself. The life of a company is punctuated by mishaps and crisis readiness is of the utmost importance. However, fear tends to hinder innovation, leading often to inaction, which is the root cause of failure in the overwhelming majority of startup post-mortems.

Despite this, I have to confess that my heart skipped a beat this morning when Ledger sent me (and all their customers) this Security Notice announcing that an unauthorized third-party had access to Ledger’s e-commerce and marketing database.

Ledger technologies are used daily at LGO and Arianee and, while we do have contingency plans, a breach of Ledger’s security would have major consequences on our operations and on the blockchain industry as a whole.

Thankfully, this was not the case. Ledger is best-in-class when it comes to security, and this data breach does not challenge this. Their technology is still the safest solution to manage your crypto. The Security Notice regarded a potential data breach on their website that might have exposed customer data. In other words, this does not impact the security of their products.

All companies are at risk, in terms of reputation, because of databases built for marketing & e-commerce reasons.

Data breaches have become commonplace in the last few years. There is not a single week where a data breach is not announced. Household names such as Adobe, Equifax, Marriott or Yahoo! rank among the most significant ones. These data breaches are often due to negligence. Brands usually promise that they have taken measures and that security will be reinforced and new procedures will be implemented.

The Ledger data breach strikes a special chord with me because they are known for their meticulous attention to security, bordering on paranoia. In the Ledger Donjon, a dedicated team of experts works every day to try to crack their own products in order to ensure the utmost level of security. How could such a company have its e-commerce and marketing database breached?

While I am not privy to the details of this data breach, I do not believe Ledger was negligent. Furthermore, I do not believe that this could have been prevented. While securing a dedicated device can be achieved with the best engineers, I have come to the conclusion that it is impossible to completely secure the complex IT systems that manage commercial information. Put differently, the question for every company is not whether their consumer information will be leaked but when.

So does this mean that we should resign ourselves and accept that data breaches are just the new normal?

No, but stronger security measures implemented on the side of firms are not sufficient. Neither will adding stronger or additional government regulation on consumer data collection be enough. To fight against data breaches, I believe we need a brand new architecture to manage commercial and marketing relationships. This architecture should enable companies to engage in meaningful relationships with their customers without collecting or storing sensitive data. At Arianee, we are building tools based on this principle and they are already used by brands such as Breitling, Ba&Sh, Vacheron Constantin and many more.

We have seen industries embrace new paradigms over the years. Old logics have been turned on their heads. It is possible. We are doing it. This is our new paradigm: users keep control of their data and brands do not need to collect and store anything. A direct communication channel is created between brands and their customers through the use of a digital identity which represents the ownership of each product. As a result, brands are not at risk, and customers’ privacy is respected by design.

Arianee does not pretend to have all the solutions. We are still developing some of the fundamental building blocks for a new way to interact with customers. There is still plenty of work to do. But we believe we’re on the right path; the first brands using our tools are already getting great feedback from their customers.

In the future, I will continue to use Ledger products. They remain best-in-class and this data breach does not challenge this. I, however, encourage them to explore new ways of organising their marketing and commercial activities in a way that would make such a leak inconsequential.

About Arianee: The Arianee Project is an independent, participative organization whose mission is to build a global standard for the digital certification of valuable objects by promoting and supporting the adoption of the Arianee protocol.
