Ledger Says Customer Data Was Breached in Third-Party Payment Processor Global-e

Ledger said a recently disclosed customer data exposure originated from a security incident at its third-party payment processor, Global-e, and did not involve Ledger’s internal systems.

The hardware wallet firm said unauthorized access to Global-e’s cloud infrastructure led to the exposure of limited customer information, including names and contact details. Global-e informed affected users via email, with the disclosure first brought to wider attention by blockchain investigator ZachXBT on X.

Global-e has not said how many customers were affected or when the incident occurred. The company said it identified unusual activity, took immediate action to contain the issue, and conducted an investigation that confirmed improper access to certain personal data.

“We retained independent forensic experts who determined that some personal data, including name and contact information, were improperly accessed,” Global-e said in its customer notice.

Ledger said Global-e serves as the merchant of record for purchases made on Ledger.com and is therefore the data controller responsible for issuing notifications.

“The unauthorized access occurred within Global-e’s information systems and did not impact Ledger’s platform, hardware, or software,” Ledger said in a statement to CoinDesk. “Our systems remain secure.”

The company added that no payment information, wallet recovery phrases, private keys, or digital asset data were compromised, emphasizing that Global-e does not have access to users’ wallets or blockchain balances.

Ledger said it is working closely with Global-e to ensure affected customers receive appropriate information and guidance. It also noted that Ledger was not the only merchant impacted, as the compromised Global-e environment contained order data from multiple brands.

The incident adds to Ledger’s history of security-related disclosures, including a 2020 breach involving e-commerce partner Shopify that exposed customer information and a 2023 exploit that led to losses of nearly $500,000 across several decentralized finance applications.

Ledger said it continues to coordinate with industry partners to address cybersecurity threats and protect users across the digital asset ecosystem.