Ledger is confronting another data exposure incident, this time stemming from a breach at its third-party payment processor, Global-e.
The hardware wallet maker said unauthorized access occurred within Global-e’s cloud infrastructure, exposing certain Ledger customers’ personal details, including names and contact information. The incident was disclosed in an email sent by Global-e to affected users and was first shared publicly by blockchain investigator ZachXBT on X.
Global-e did not specify how many customers were impacted or when the unauthorized access took place. The company said it detected unusual activity, implemented containment measures, and launched an investigation that confirmed improper access to limited personal data.
“We retained independent forensic experts to conduct an investigation into the incident and determined that some personal data, including name and contact information, were improperly accessed,” Global-e said in the notification email.
Ledger said the breach did not originate from its own systems. In a statement to CoinDesk, the company emphasized that Global-e, acting as the merchant of record, is the data controller and therefore issued the customer notifications.
“This incident consisted of unauthorized access to order data in Global-e information systems,” Ledger said. “Some of the data accessed pertained to customers who made a purchase on Ledger.com using Global-e.”
Ledger stressed that its hardware, software, and platform were not compromised and remain secure. It also underscored that no payment information, recovery phrases, private keys, or digital asset data were exposed.
“For the avoidance of doubt, as the Ledger product is self-custodial, Global-e does not have access to your 24 words, blockchain balance, or any secrets related to digital assets,” the company said.
Ledger added that it is working with Global-e to communicate directly with affected customers and noted that the incident was not isolated to Ledger, with data from multiple brands reportedly accessed in the same Global-e system.
The episode follows previous security incidents involving Ledger, including a 2020 data breach tied to its former e-commerce partner Shopify that exposed customer information, and a 2023 hack that resulted in nearly $500,000 in losses across several decentralized finance applications.
“We remain united with the industry in the fight against hackers and bad actors who continue attempting to steal user information across the e-commerce and digital asset ecosystem,” Ledger said.
