The incident, which Ledger addressed in a January support update, involved unauthorized access to systems operated by Global-e, a merchant-of-record service that processes international orders placed through Ledger’s online store. Ledger said the issue did not stem from its own infrastructure.

According to the company, the exposed information was limited to order-related customer data, including names, contact details, and shipping information associated with purchases. Ledger emphasized that payment card details, recovery phrases, private keys, and wallet balances were not involved.

Ledger said it was notified by Global-e after the third-party identified suspicious activity within part of its cloud environment. Global-e subsequently contained the incident and began notifying affected customers directly, as it serves as the data controller for checkout information.

Screenshot of Ledger’s January support update.

Several big-name social media accounts wasted no time broadcasting details of the data breach, and they were quickly joined by a steady stream of complaints that made it clear frustration was part of the package.

“Community alert: Ledger had another data breach via payment processor Global-e leaking the personal data of customers (name & other contact information),” Onchain investigator ZachXBT wrote on X.

In its response, Ledger sought to draw a clear line between customer order data and wallet security. The company reiterated that its hardware wallets operate in a self-custodial model, meaning private keys and recovery phrases never leave the device and are never accessible to third-party service providers.

Ledger also warned customers to remain alert for phishing attempts that may leverage exposed contact details. The company reiterated that it will never ask users to share recovery phrases or sensitive wallet information through email, phone calls, or direct messages.

While Ledger did not disclose how many customers were affected, it said it is cooperating with Global-e and supporting an ongoing forensic investigation to better understand the scope of the incident. Independent security experts have been engaged as part of that review.

The company’s messaging has focused on transparency around what was and was not accessed, with repeated assurances that the breach did not impact Ledger’s products, firmware, or cryptographic systems.

The Global-e incident has also renewed attention on Ledger’s past data-security challenges. In 2020, a Ledger e-commerce and marketing database was compromised, exposing personal information tied to hundreds of thousands of customers.

Also read: Report: Ledger Contemplates Public Debut as CEO Hints at IPO or Private Round

That earlier breach did not involve wallet data either, but it led to prolonged phishing campaigns and harassment attempts against affected users. Ledger acknowledged the incident at the time, notified regulators, and warned customers about social-engineering risks.

Taken together, the Global-e incident highlights the ongoing risks associated with third-party service providers, even when core wallet infrastructure remains secure. Ledger has positioned the latest exposure as a reminder that customer vigilance remains critical in the broader crypto ecosystem.

• What happened in the Global-e incident involving Ledger?
  A third-party e-commerce provider used by Ledger experienced unauthorized access that exposed some customer order data.
• Was Ledger’s wallet infrastructure compromised?
  No, Ledger said its wallets, private keys, recovery phrases, and crypto assets were not affected. The firm stressed that none of Ledger’s own infrastructure was touched, framing the episode as a clean-cut issue confined entirely to a third-party vendor.
• What customer information was exposed?
  The exposed data included order-related details such as names and contact information, not financial or wallet data.
• Why are Ledger customers mentioning the firm’s 2020 data breach again?
  The earlier incident provides context for ongoing phishing risks tied to exposed personal information, even when wallets remain secure.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。