Skip to content
- Ledger reports third-party data exposure but confirms wallets and systems are safe.
- The Global-e breach exposed customer contact details tied to Ledger.com orders.
- The incident renews scrutiny of crypto firms’ data security and reliance on vendors.
Ledger has alerted customers to the new exposure of personal data tied to a security incident at a third-party commerce provider. The company said the issue did not affect its wallets or core systems. The disclosure surfaced after an alert circulated widely on social media late Monday evening this week.
Blockchain investigator ZackXBT was the first to publicly share the alert. The message stated that Global-e, an e-commerce and logistics firm used by Ledger, had experienced unauthorized access to parts of its systems. The notice revealed that unauthorized access had exposed some customer information associated with orders.
Global-e later informed Ledger of the incident. The company said the access involved order-related data connected to purchases made on Ledger.com. Global-e acts as the merchant of record for Ledger’s international sales operations.
Ledger Confirms Data Leak While Core Systems Stay Secure
According to Ledger, the exposed data included basic customer details. These details covered names and certain contact information used during checkout. The company did not disclose how many customers were affected by the incident.
Ledger emphasized that there was no breach in its infrastructure. The firm said its hardware devices, internal platforms, and software systems remained secure. It also stressed that the incident did not impact the self-custodial nature of its products.
The company clarified that third-party providers do not have access to sensitive wallet data. Recovery phrases, private keys, and blockchain balances were not exposed. Ledger also confirmed that no payment card or banking information was compromised.
Also Read: Crypto Hack Losses Drop in December, But $76M Still Stolen
Ledger is widely known for producing hardware wallets used to store cryptocurrency private keys offline. Ledger designs these devices to mitigate online attack risks. Individual holders and institutional clients across multiple regions use them.
Ledger’s Prior Data Failures Highlight Ongoing Vulnerabilities
This newest disclosure has attracted attention given that Ledger has had previous data security concerns. Attackers got access to the marketing and e-commerce databases owned by the company in 2020. The hack led to the release of personal information about over 270,000 customers to the general public.
The previous leak had email addresses, phone numbers, and partial home addresses. It resulted in phishing attacks and reports of physical threats against users. The incident eroded confidence and cast doubt on data handling practices.
After the breach of 2020, Ledger implemented changes to its data protection processes. The company also provided a bitcoin reward for information on data attacks. This was followed by legal action, including a class-action lawsuit with a former e-commerce partner.
Ledger has not provided any information on whether the recent exposure is on the scale of the previous breach. The company simply said that the problem was restricted to a third-party system. It also stated that customers would receive a direct notification in case their data was affected.
The event will likely revive skepticism over the way crypto companies treat customer data. It also highlights the risks associated with outsourcing. To the hardware wallet manufacturers, data protection is still highly associated with user trust and security messages.
Also Read: Visa-Linked Crypto Cards See Explosive Growth With Major Spending Spike in 2025
