Catenaa, Thursday, January 08, 2026-Ledger has notified customers of a data exposure involving personal information following a security incident at third-party e-commerce provider Global-e.
The compromised data reportedly included customer names and contact details, though the total number of affected users was not disclosed.
Ledger confirmed that the incident involved unauthorized access to order data on Global-e’s systems, which serves as the Merchant of Record for international transactions on Ledger.com.
The company emphasized that its own platform, hardware wallets, and software remain secure, with no access to private keys, blockchain balances, or payment information.
Ledger, a hardware wallet maker serving both retail and institutional clients, has a history of customer data breaches. In 2020, a leak exposed personal information of over 270,000 users, including names, emails, phone numbers, and in some cases, home addresses.
That breach led to phishing attacks, harassment, and a class-action lawsuit against Ledger and e-commerce partner Shopify.
While it is unclear whether the current incident rivals the scale of the 2020 breach, the exposure is likely to renew concerns over how crypto firms and third-party service providers manage customer data, particularly for companies marketing security as a core feature.
Ledger reassured users that Global-e has no access to sensitive wallet credentials and that self-custody of crypto assets remains intact.
