The company had suffered a serious data breach in June, but it seems that the security audit was already underway before the attack.
Ledger, a popular wallet hardware manufacturer, recently announced that it has passed a major security assessment, known as SOC 2 Type 1. This certification comes following a serious data breach suffered by the company in June. However, according to a spokesman for the company, Ledger has not decided to conduct the audit as the direct cause of the breach:
„Ledger is always trying to raise safety standards and was Crypto Cash working to obtain the certification even before the data breach“.
News of Ledger’s passing of the SOC 2 Type 1 audit came in October, providing the market with an injection of confidence based on a reliable mainstream security benchmark.
Ledger’s spokesman explained:
„The SOC 2 certificate evaluates both the system, in this case the Ledger Vault, and the organisation, i.e. Ledger as a whole. So, even if SOC 2 Type 1 only applies to the Ledger Vault, it was the company as a whole that was audited (in terms of employee recruitment, interactions with third parties, etc.)“.
In July, Ledger was made aware of a vulnerability in the database, which was quickly corrected. However, the company also discovered a previous very serious data breach in June that leaked the names, addresses and other potentially sensitive information of thousands of customers.
Kristy-Leigh Minehan, former CTO of Core Scientific, told Cointelegraph:
„SOC2 Type 1 evaluates the design of a security process(es) at a specific time (or from a specific date).
The evaluation is only valid until the test is performed, not necessarily until the result is validated“.