{"id":15193,"date":"2026-01-05T09:44:52","date_gmt":"2026-01-05T16:44:52","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=15193"},"modified":"2026-01-05T09:44:52","modified_gmt":"2026-01-05T16:44:52","slug":"ledger-customers-impacted-by-third-party-global-e-data-breach","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2026\/01\/05\/ledger-customers-impacted-by-third-party-global-e-data-breach\/","title":{"rendered":"Ledger Customers Impacted by Third-Party Global-E Data Breach"},"content":{"rendered":"\n

If you bought from Ledger directly, yet another data breach. Consequently, I wouldn’t trust their hardware wallets because they’re not completely opensource, and they have a poor history of protecting data. And it was interesting that instead of tightening up their own products, they had funded a security team looking for vulnerabilities in other hardware wallets, to cast shade on competitors it would seem. Though, users benefited as a lot of hardware wallets improved their security as a result, with many better platforms than Ledger to choose from. <\/p>\n\n\n\n

https:\/\/www.bleepingcomputer.com\/news\/security\/ledger-customers-impacted-by-third-party-global-e-data-breach\/<\/a><\/p>\n\n\n

<\/div><\/div><\/div>\n\n\n

By Bill Toulas<\/p>\n\n\n\n

\"Ledger<\/figure>\n\n\n\n

Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e.<\/p>\n\n\n\n

In a statement for BleepingComputer, the blockchain company underlines that its network has not been impacted and that the platform’s hardware and software systems remain secure.<\/p>\n\n\n\n

“Some of the data accessed as part of this incident pertained to customers who purchased on Ledger.com using Global-e as a Merchant of Record,” the company told BleepingComputer.<\/p>\n\n\n\n

Out of an abundance of caution, Ledger, the maker of the namesake self-custodial hardware wallets, is warning its customers that the third-party data breach exposed their names and contact information.<\/p>\n\n\n\n

On-chain investigator ZachXBT published a community alert with the notification from Ledger:<\/p>\n\n\n\n

\"Tweet\"\/<\/a><\/figure>\n\n\n\n

The Global-e platform handles checkout, order processing, localization, taxes, duties, and compliance for multiple online retailers and brands. Among its customers are Bang&Olufsen, adidas, Disney, Givenchy, Hugo Boss, Ralph Lauren, Michael Kors, Netflix, and M&S.<\/p>\n\n\n\n

These services require storing customer order data, though Ledger specified that the exposed details do not include financial information.<\/p>\n\n\n\n

According to Ledger, the hackers had access to order data present on Global-e’s systems. However, neither Global-e nor Ledger had access to customers’ 24-word seed phrases for accessing the crypto wallet, the blockchain balance, or any secrets related to digital assets.<\/p>\n\n\n\n

“Importantly, no payment information was involved,” the company said, noting that attackers may try to target customers in phishing campaigns designed to steal their passphrases.<\/p>\n\n\n\n

\u201cWe encourage everyone to be alert to any potential phishing campaigns, never disclose their 24 words, and always Clear Sign transactions where possible.\u201d – Ledger<\/p>\n\n\n\n

It was also specified that Ledger was not the only brand whose customer data was affected, and that the unauthorized party gained access to a Global-e cloud-based information system containing shopper order data from several brands.<\/p>\n\n\n\n

BleepingComputer reached out to Global-e to learn more about the incident and the affected brands, but we have not received a response by publication time.<\/p>\n\n\n\n

Ledger says that affected users will receive direct communication from Global-e about the incident and its impact. They are recommended to contact Global-e for more details.<\/p>\n","protected":false},"excerpt":{"rendered":"

If you bought from Ledger directly, yet another data breach. Consequently, I wouldn’t trust their hardware wallets because they’re not completely opensource, and they have a poor history of protecting data. And it was interesting that instead of tightening up their own products, they had funded a security team looking for vulnerabilities in other hardware […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-15193","post","type-post","status-publish","format-standard","hentry","category-tech"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/15193","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=15193"}],"version-history":[{"count":1,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/15193\/revisions"}],"predecessor-version":[{"id":15194,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/15193\/revisions\/15194"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=15193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=15193"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=15193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}