Ledger said a customer data exposure disclosed this week stemmed from a security incident at its third-party payment processor, Global-e, and did not involve Ledger’s own systems.
The hardware wallet maker said unauthorized access to Global-e’s cloud environment resulted in the exposure of limited personal information, including names and contact details, belonging to some Ledger customers. Global-e notified affected users by email, with the incident first flagged publicly by blockchain investigator ZachXBT on X.
Global-e did not disclose how many customers were impacted or when the unauthorized access occurred. The company said it detected unusual activity, implemented safeguards, and launched an investigation that confirmed improper access to certain customer data.
“We retained independent forensic experts and determined that some personal data, including name and contact information, were improperly accessed,” Global-e said in the notification.
Ledger said Global-e, which acts as the merchant of record for purchases on Ledger.com, is the data controller and therefore responsible for customer communications.
“This was not a breach of Ledger’s platform, hardware, or software, which remain secure,” Ledger said in an email response to CoinDesk. “The incident involved unauthorized access to order data within Global-e’s systems related to customers who completed purchases using Global-e.”
The company stressed that no payment information, recovery phrases, private keys, or digital asset data were compromised, noting that Global-e does not have access to customers’ wallets or blockchain balances.
Ledger said it is coordinating with Global-e to ensure affected users receive relevant information and added that the incident impacted multiple brands whose order data was stored within the same Global-e cloud infrastructure.
The disclosure follows earlier security-related incidents involving Ledger, including a 2020 customer data breach tied to e-commerce platform Shopify and a 2023 hack that resulted in losses of nearly $500,000 across several decentralized finance applications.
Ledger said it remains focused on strengthening defenses and working with industry partners to counter ongoing threats from hackers and other malicious actors.
