Ledger, a France-based cryptocurrency wallet maker, recently faced criticism over its handling of a security breach that left customers vulnerable to phishing attacks. The company’s communication about the incident came under scrutiny and has been heavily criticized, highlighting the importance of effective crisis management in the digital era.
Ledger was once known as one of the most secure crypto wallet makers globally, but the cybersecurity company recently experienced a data breach that saw the personal information of around 272,000 of its customers being leaked online. The breach included customers’ email addresses, phone numbers, names, and residential addresses, which were leaked on a hacking forum in December 2020.
The fallout from the data breach took a swift turn for the worse when customers started receiving phishing emails featuring their personal information. These emails asked users to enter their recovery phrase, which would enable the hackers to access their Ledger wallet and their digital assets.
The company was accused of not doing enough to inform customers about the breach or how it would potentially impact them. A classic communication mistake: the company thought it was enough to be right in its approach, but it failed to effectively communicate the security breach to its customers and provide clear instructions about how to protect themselves.
Instead of making an immediate public announcement and outlining the steps customers could take to protect themselves, the company initially released a tweet that left customers with more questions than answers, causing further confusion and distrust.
In its tweet, Ledger stated that it had identified a database breach in June 2020, which resulted in unauthorized access to its customers’ information. The company then confirmed that e-commerce and marketing operations were not affected and that the “wallets are safe to use as usual.” The tweet ended with “Your crypto assets are still secure on your Ledger device. No action is required on your part.”
However, this tweet left out essential information that would have enabled customers to prioritize their efforts to secure their wallets. The tweet did not offer clear guidance on how to monitor their accounts for signs of phishing attempts, which would have been vital in protecting their digital assets.
Moreover, the tweet only addressed the concerns of users who were aware of the situation, leaving a much larger group of users open to attack. The lack of clarity and appropriate messaging quickly led customers to doubt the company’s commitment to protecting the personal data of its customers.
The approach highlights a specific problem that many companies face in the digital era: the need to communicate openly and transparently during a crisis. In today’s world, reputational damage can be far more significant than the security breach itself, and the swift handling of crises has become more important than ever before.
Successful crisis management requires proactive communication, speed, and transparency. Companies should not wait for the situation to escalate before addressing it. They need to ensure that they have a crisis communication strategy in place to enable quick action when a security breach occurs.
Ledger’s communication blunder is an important reminder to other companies that being right about the situation is not enough. The communication aspect is vital in rebuilding public trust and must be handled with the same urgency and priority as the security breach.
A company’s trustworthiness and reputation can be destroyed by a communication blunder, and this can lead to financial losses and difficulties in recovering from the incident. Rebuilding trust with the customers who have been affected by a security breach should be a company’s top priority. This can only be achieved through transparent communication and providing satisfactory answers to their queries and concerns.
In conclusion, Ledger’s crisis management approach highlights the importance of transparent communication in the digital era. The company’s initial response lacked clarity and failed to provide customers with sufficient protection from potential phishing attacks. Companies need to have a crisis communication strategy in place to enable quick action when a security breach occurs, and they need to prioritize communication as much as they do security. Being right is not enough; effective communication can mitigate the reputational damage and restore trust with the affected customers.
Hardware wallet maker Ledger, based in Paris, has faced a week of turmoil, much of which appears to have arisen from the company itself. The introduction of its new “Ledger Recover” seed phrase recovery service on 16 May was met with skepticism from the crypto community. Users were worried that new security risks could threaten one of the most widely used hardware wallets on the market. By midweek, wild speculation on Twitter suggested that Ledger devices had been compromised, partly due to spiralling paranoia and social media hyperbole, but also as a result of Ledger’s own communications, which poured fuel on the fire.
The current incident reinforces the message to other crypto companies that it’s not enough to be technically correct when dealing with a crisis. The crypto industry is attracting more and more users with limited technical knowledge, making it even more essential to communicate clearly and carefully. While some of those attacking Ledger failed to understand that the Ledger Recover service, and the identity documentation involved, were optional, the backlash spiralled out of control after a customer service agent tweeted that it was possible “to extract keys.” Though technically accurate, this phrasing added to the confusion and fuelled even more panicky rhetoric on Twitter.
As a result, the message committed the sin that journalists call “burying the lede”. An update needs to be manually approved by the user, and this is the core of Ledger’s rebuttal of ongoing attacks against it. While technical nuances are beyond many users, trustworthy experts have rebutted the most extreme worries circulating about Ledger. However, it remains too soon to completely sign off on the idea that everything is fine. One real issue is that the updates and the Ledger code itself are not open source, unlike the code used by many other hardware wallets. This lack of accessibility makes the degree of trust required in Ledger significantly higher than with other wallets.
Ultimately, this episode highlights that language is not like computer code. When writing a tweet, small variations matter profoundly to how it is received. It’s important to communicate clearly and carefully to avoid unnecessary panic and basic misunderstandings. As the crypto industry expands, it will become increasingly vital for crypto companies to be mindful of the technical limitations of users outside the world of blockchain. Communication will remain essential as feature sets and updates continue to increase vulnerability and complexity along with innovation.