Ledger customers are once again facing privacy concerns after the company confirmed a data breach involving its payment processor, Global-e.
Quick Summary – TLDR:
- Ledger disclosed a data breach caused by Global-e, which exposed customer names and contact info.
- The breach did not impact user funds, wallet seed phrases, or private keys, according to Ledger.
- This marks Ledger’s second known data incident involving customer data since 2020.
- Security experts warn that leaked contact info can fuel phishing attacks targeting crypto users.
What Happened?
Hardware wallet maker Ledger has confirmed that personal data from its customers was leaked due to a security breach at Global-e, its payment and e-commerce partner. The breach, which Global-e identified as “unusual activity” in its cloud systems, resulted in unauthorized access to customer names and contact details.
Although Ledger’s hardware wallets and private keys remain secure, the incident is still troubling, especially given Ledger’s history with third-party breaches.
Community alert: Ledger had another data breach via payment processor Global-e leaking the personal data of customers (name & other contact information).
— ZachXBT (@zachxbt) January 5, 2026
Earlier today customers received the email below. pic.twitter.com/RKVbv6BTGO
Global-e Breach Compromises Ledger Customer Data
On January 5, 2026, Ledger began informing customers that Global-e’s systems had been breached, exposing personal data. While the companies did not disclose the number of affected users, the data includes names and unspecified contact information.
Global-e stated that it had taken immediate action to contain the breach and hired independent forensic experts to investigate. Ledger reassured users that no sensitive wallet-related data, such as 24-word recovery phrases or blockchain balances, was exposed. Ledger emphasized that Global-e does not have access to this type of information.
Still, Ledger urged customers to stay alert, avoid phishing scams, and never share their wallet recovery phrases. They also recommended users enable Clear Signing and use Transaction Check when managing blockchain transactions.
Another Breach in a Series of Incidents
This is not the first time Ledger customers have suffered from leaked data. Back in 2020, a third-party breach via Shopify revealed the personal information of 270,000 Ledger users, which led to widespread phishing attacks.
Similarly, an earlier incident in April 2025 also involved unauthorized access, though details remain limited. These recurring incidents have drawn criticism about Ledger’s reliance on external vendors.
Security analyst ZachXBT, who initially brought the breach to wider attention, warned crypto users against blindly trusting hardware wallet companies. He also suggested using fake personal details when buying wallets online to minimize risks in case of future data leaks.
What Data Was Exposed?
While Ledger and Global-e have not shared specifics, the breach reportedly includes:
- Customer names
- Some form of contact information (email, phone, or physical address, though unspecified)
There is no evidence that payment details or cryptocurrency holdings were compromised.
Ledger’s Response
Ledger stressed that its platform, software, and hardware devices remain secure. In a statement, the company said:
The company added that it worked closely with Global-e to notify affected users and continues to monitor the situation.
SQ Magazine Takeaway
I’ve got to say, while it’s a relief that funds and seed phrases weren’t affected, this is still a serious issue. Contact details in the wrong hands can be just as dangerous in the crypto world. We’ve seen how easily phishing attacks can trick even careful users. Ledger may offer secure wallets, but if the front-end services and third-party partners are vulnerable, the whole ecosystem feels shaky. Honestly, it might be time for companies like Ledger to rethink how much user data they collect and how they manage third-party risks. As users, we’ve got to stay alert and keep our recovery phrases off every platform, no matter what.
