Ledger Confirms Customer Data Exposure Linked to Third-Party Processor Global-e

Ledger is responding to a customer data exposure linked to a security incident at its third-party payment processor, Global-e.

The hardware wallet provider said the breach involved unauthorized access to Global-e’s cloud systems, resulting in the exposure of limited personal information belonging to some Ledger customers, including names and contact details. Global-e disclosed the incident in an email to affected users, which was first circulated publicly by blockchain investigator ZachXBT on X.

The payment processor did not disclose how many customers were affected or when the intrusion occurred. Global-e said it identified unusual activity, implemented immediate safeguards, and conducted an investigation that confirmed improper access to certain customer data.

“We retained independent forensic experts to investigate the incident and determined that some personal data, including names and contact information, were improperly accessed,” Global-e said in its email.

Ledger said the incident did not involve its own systems and stressed that Global-e, which acts as the merchant of record for Ledger purchases, is the data controller responsible for customer notifications.

“This was not a breach of Ledger’s platform, hardware, or software,” the company said in an email response to CoinDesk. “The unauthorized access occurred within Global-e’s information systems and involved order data related to customers who completed purchases on Ledger.com using Global-e.”

Ledger added that no payment details, recovery phrases, private keys, or digital asset information were compromised, noting that Global-e has no access to customers’ wallets or blockchain balances.

The company said it is working with Global-e to ensure affected users receive relevant information and guidance. It also noted that Ledger was not the only brand impacted, as the compromised Global-e system stored order data for multiple merchants.

The incident adds to Ledger’s history of security-related challenges. In 2020, customer information was exposed through an earlier breach involving e-commerce platform Shopify, and in 2023 the company was affected by a hack that led to losses of nearly $500,000 across several decentralized finance applications.

Ledger said it remains committed to safeguarding users and coordinating with industry partners to combat ongoing threats from hackers and other malicious actors.