Leading hardware wallet company Ledger recently revealed that it had passed a notable security evaluation known as SOC 2 Type 1. The certification followed a large data breach the firm suffered earlier in June. The breach was not, however, what prompted Ledger to conduct the security audit, according to a Ledger representative.
“Ledger is usually seeking to boost the safety standards and has been working on getting the attestation before the data breach,” the representative added.
News of Ledger’s completed SOC 2 Type 1 audit came earlier in October, essentially giving the market a level of confidence supported by a trusted mainstream security benchmark.
“The SOC II attestation refers both to the System, in this case, Ledger Vault only, and therefore the Organization: Ledger as a whole,” the representative explained. “Hence, if the SOC 2 Type 1 only applies to Ledger Vault, the Ledger organization as a whole has been audited (onboarding of collaborators, third party interactions, etc.).”
Ledger was made aware of a database weakness in July, which it quickly patched. The firm, however, also uncovered a previous large data breach that occurred in June, which leaked thousands of customers’ names, addresses, and other potentially personal data.
Kristy-Leigh Minehan, former CTO of Core Scientific, explained that “SOC2 Type 1 is about assessing the planning of a security process (or processes) at a selected point in time (or, as of a specified date).” She added:
“They would only be evaluated up until the purpose once they executed it, not necessarily as they were awarded it.”