This is very concerning news, but I can't say that I am surprised with this.
Scammers probably found a way to bypass genuine check, and there is no way to know how they did it since ledger is closed source device.
There is always a chance that some leak from ledger factory happened, they are made in China and only assembled in France.
Even without this latest scam I was warning people in last few years to stop using ledger and all other closed source devices like tangem.