02.01.2026
2 min
1
441
Hardware wallet maker Ledger has warned some customers that their personal data was exposed following a breach at its third-party payment processor Global‑e. The company stressed that Ledger’s own systems and customer wallets were not compromised.
According to Ledger, the incident impacted customers who made purchases on Ledger.com using Global-e as the Merchant of Record. Attackers gained unauthorized access to a cloud-based system operated by Global-e that contained customer order information.
Ledger confirmed that the exposed data may include names and contact details. However, no financial information, payment card data, or crypto-related secrets were involved in the breach.
Global-e provides checkout, localization, tax, and compliance services for numerous global brands, which requires storing customer order data. This makes such platforms high-value targets for attackers seeking personal information.
On-chain investigator ZachXBT shared a community alert containing Global-e’s notification. Ledger emphasized that 24-word recovery phrases, wallet balances, and private keys were never accessible to Global-e and therefore could not have been exposed.
While the breach did not impact Ledger’s wallets or blockchain security, it highlights the growing risk posed by third-party service providers. Even limited exposure of contact data can fuel phishing campaigns targeting cryptocurrency users.
