Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e.
In a statement for BleepingComputer, the blockchain company underlines that its network has not been impacted and that the platform’s hardware and software systems remain secure.
“Some of the data accessed as part of this incident pertained to customers who purchased on Ledger.com using Global-e as a Merchant of Record,” the company told BleepingComputer.
Out of an abundance of caution, Ledger, the maker of the namesake self-custodial hardware wallets, is warning its customers that the third-party data breach exposed their names and contact information.
On-chain investigator ZachXBT published a community alert with the email notification from Global-e:
.png)
The Global-e platform handles checkout, order processing, localization, taxes, duties, and compliance for multiple online retailers and brands. Among its customers are Bang&Olufsen, adidas, Disney, Givenchy, Hugo Boss, Ralph Lauren, Michael Kors, Netflix, and M&S.
These services require storing customer order data, though Ledger specified that the exposed details do not include financial information.
According to Ledger, the hackers had access to order data present on Global-e’s systems. However, neither Global-e nor Ledger had access to customers’ 24-word seed phrases for accessing the crypto wallet, the blockchain balance, or any secrets related to digital assets.
“Importantly, no payment information was involved,” the company said, noting that attackers may try to target customers in phishing campaigns designed to steal their passphrases.
“We encourage everyone to be alert to any potential phishing campaigns, never disclose their 24 words, and always Clear Sign transactions where possible.” – Ledger
It was also specified that Ledger was not the only brand whose customer data was affected, and that the unauthorized party gained access to a Global-e cloud-based information system containing shopper order data from several brands.
BleepingComputer reached out to Global-e to learn more about the incident and the affected brands. The company replied after publishing time saying that it isolated and secured affected systems immediately after becoming aware of the threat activity in its cloud environment.
Global-e is “currently notifying all potentially affected individuals and relevant regulators directly.” The payment processor highlighted that no payment information or account credentials were compromised.
Ledger says that affected users will receive direct communication from Global-e about the incident and its impact. They are recommended to contact Global-e for more details.
Update [January 5th, 14:22 EST]: Article updated to include information that Global-e sent to BleepingComputer after publishing time, and to correct that the notification shared by ZachXBT came from Global-e, not Ledger.
It’s budget season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.
Learn how top leaders are turning investment into measurable impact.