It seems the review was already in process before the attack ever occured.
Popular hardware wallet company Ledger recently announced that they had passed a notable security evaluation, known as SOC 2 Type 1. This certification came following a significant data breach the company suffered in June. Ledger did not, however, decide to conduct its security audit because of the breach, according to comments from a Ledger representative.
“Ledger is always seeking to raise the security standards and has been working on getting the attestation prior to the data breach,” the representative told Cointelegraph.
News of Ledger’s completed SOC 2 Type 1 audit came in October, essentially giving the market a level of confidence based on a trusted mainstream security benchmark.
“The SOC II attestation refers both to the System, in this case, Ledger Vault only, and the Organization: Ledger as a whole,” the representative explained. “Hence, if the SOC 2 Type 1 only applies to Ledger Vault, the Ledger organization as a whole has been audited (onboarding of collaborators, third party interactions, etc.).”
Ledger was made aware of a database weakness in July, which they quickly patched. The company, however, also uncovered a previous large data breach that occurred in June, which leaked thousands customers’ names, addresses, and other potentially sensitive information.
Kristy-Leigh Minehan, Former CTO of Core Scientific, told Cointelegraph “SOC2 Type 1 is about assessing the design of a security process (or processes) at a specific point in time (or, as of a specified date).” She clarified:
“They would only be evaluated up until the point when they executed it, not necessarily when they were awarded it.”
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.