Hardware wallet maker Ledger has suffered another data breach after its third-party payment processor, Global-e, experienced a security incident that exposed some customers’ personal information.
Ledger customers began receiving email notifications earlier today informing them that Global-e, which handles checkout and payment services for Ledger’s online store, detected “unusual activity” within its systems.
According to the notice, the incident resulted in the exposure of limited personal data, including customer names and other contact details. No information suggesting that private keys, recovery phrases, or crypto assets were compromised was reported.
Global-e said it has since contained the incident and launched an investigation with the help of external forensic experts.
The company did not disclose how many Ledger customers were affected or whether the exposed data had been accessed or misused by malicious actors. Ledger has also not provided a specific timeline for when the breach occurred.
The incident has triggered renewed concern within the crypto community, where Ledger has faced criticism in the past over data security.
In 2020, Ledger suffered a major breach in which the personal information of hundreds of thousands of customers was leaked after attackers gained access to its marketing database. That breach led to years of phishing attempts, scams, and harassment targeting affected users.
While this latest breach appears more limited in scope, community members have raised alarms over the continued reliance on third-party service providers for sensitive customer data.
Security experts warn that even partial leaks of personal information can be exploited for phishing attacks, impersonation scams, and social engineering campaigns.
Global-e said it is continuing to monitor its systems and will provide updates as the investigation progresses.
Ledger advised customers to remain cautious of unsolicited emails or messages and reiterated that it will never ask users to share recovery phrases or private keys.
The breach underscores ongoing risks associated with centralized data handling in the crypto industry, even for companies focused on self-custody and security.
As adoption grows, industry observers say stronger safeguards and reduced data retention practices may be necessary to limit the impact of future incidents.