It looks like that I am of those compromised data that has been leaked online. Has anyone received a similar email from [1] https://haveibeenpwned.com/?. Though I am certain that nothing will happen on my bitcoin that is stored in their products, still, I am anxious about how can these physical attack be possible? Like seriously? That's a million number of email and other confidential personal information.

Ironically, Ledger collects a lot of data of their consumers in order to comply with many different laws and regulations that mainly aimed to protect users privacy. The list of laws they must comply with includes:

https://fra.europa.eu/en/law-reference/act-ndeg78-17-6-january-1978-data-processing-data-files-and-individual-liberties
https://www.cnil.fr/sites/default/files/typo/document/Act78-17VA.pdf
https://www.activemind.legal/legislation/gdpr/
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32002L0058
and others

When you buy a hardware wallet via official Ledger website the following information is collected; it stored for a long time:

- Your name (first name, last name);
- Your e-mail address;
- Your postmail address;
- Your phone number;
- Your physical address and other contact details;
- Your credit card number;
- Your other payment information;
- When you contact customer support, they will record and store their correspondence with you;
- You also may be asked to perform a small KYC procedure when contact customer support;
- Your IP address;
- Your operating system;
- The type of device you use;
- Date and time you visit the website;
- Browsing Data (information about your visit including the URL clickstream to, through and from our website, products you viewed or searched for, download errors, length of visits to certain pages, page interaction)

Source: https://shop.ledger.com/pages/privacy-policy

It is also worth to note that users can (should) request manual deletion of their personal data, but this does not guarantee that the data will be deleted immediately.

In short, if you care about your privacy, you'd better avoid shopping through an official store. This is worse than any KYC on any centralized exchange.

What's the deal with decentralized/centralized wallet here? Surely you are not suggesting people to stop buying from a website if they require personal details, are you? How can you receive your products then? What mk suggested might work but not everyone can do it either. At least the address part is not as easy as it sounds in my place.

And buy them offline? Sadly not everyone can fly around the world to buy some stuff.

So true, I don't even think 5% of crypto/hw users will go through the hassle of traveling to a different country/continent just to get a hardware wallet. We have to take this situation as a 'necessary evil' and hope ledger takes better precautions in protecting users data and being proactive incase of a unforseen breach.
I don't see a problem of understanding here; Are you by any chance pushing for people to store coins on centralized wallets, on such wallets, any breach/hack and you lose your funds, plus there's already the danger of your KYC info being sold on the black market. Having said that, on decentralized wallets like ledger, you the user is in full control and you don't need the devs to have any 'business' whatsoever with you, other than keeping you private info you used upon online purchase secret, and mind you that even if there's a breach in their database your funds are still safe, there's only a danger of a physical attack or if you give out your seed phrase, so I don't get your hype of centralized wallets.

This is probably the safest way to receive goods which demand our privacy but not many countries do have a PO Box for the common public. In such a case, we need to find help from someone who doesn't really know much about bitcoin and we need to ship to their address who can collect it on our behalf and whom we really trust. Atleast this is what I do to hide my real identity from the bitcoin world while receiving bitcoin products and stuffs. I even had a anonymous pickup point which I have been using it for 2 years but for safety purposes I have stopped using them as well in recent months.

On top of that to be on the safer side I never did KYC in any of the exchanges so far. All in all whenever I am in need of selling my bitcoin for fiat (which is a very rare case) I use a trusted known person who can help me in withdrawing fiat by selling through their account.

This is where adding a temporary PIN code to your Ledger helps a lot. Transfer all your funds except $50-100 to a temporary PIN and if such an attack ever happens, you could get away with a loss of only $50-100 while the remaining majority of your funds will be safe. The thief will think you've given him everything you had, without knowing you also have a hidden account containing the actual portfolio.

To learn more about how a secondary password helps, check out the following link: https://www.ledger.com/academy/passphrase-an-advanced-security-feature

I received and found these lists, I found more than 15 people just from my city. I do not know what to do, everything is there, addresses, phone numbers, mail. Advise what to do?

This made me want to check out Trezor's privacy policy, and it turns out they delete order data after 90 days at most. It still comes down to trusting a third party to handle your data correctly, or to even do what they claim they'll do, but at least they're a lot less vague with how long they keep your data:

Trezor:


Ledger:


This probably goes without saying, but maybe the best advice to give at this point would be to stay away from Ledger completely. I wouldn't even trust Trezor to be honest, but it's up to the individual to weigh the risk of letting others handle their information.

This is the reason why most people in this crypto space care so much about their privacy and identity. It's not completely safe when we entrust important identities and data to online sites. Scammers stalk crypto users at all costs, so we had to be vigilant and take various precaution. Of course, it is the responsibility of every user to always maintain their security and privacy online. Something that is considered safe may not be completely safe if we cannot control it ourselves.