Ledger hit by data breach after compromise at third-party processor

Hardware wallet maker Ledger is dealing with another data exposure incident, this time linked to its external payment processor.

The issue was connected to systems operated by Global-e and came to public attention after details of a customer notification were shared on X by blockchain investigator ZachXBT.

While the exposure did not involve wallet keys or funds, it has again raised questions around how third-party services handle customer information linked to crypto companies.

The development adds pressure on crypto firms to reassess vendor oversight, disclosure processes, and customer communication during security incidents globally.

ZachXBT

@zachxbt

·Follow

Community alert: Ledger had another data breach via payment processor Global-e leaking the personal data of customers (name & other contact information).

Earlier today customers received the email below.

5:00 pm · 5 Jan 2026

Read 2 replies

What the incident involved

According to the notification sent to customers, unauthorised access occurred within Global-e’s cloud environment.

The data affected included Ledger users’ personal details, such as names and contact information.

The message did not state that payment credentials or crypto assets were compromised.

It also did not disclose how many Ledger customers were impacted or when the breach took place, leaving the scope and duration of the exposure undefined.

The incident also highlights growing reliance on outsourced checkout and logistics providers across the crypto hardware industry, where customer data often flows between multiple systems.

Such arrangements can complicate breach disclosure, slow coordination, and leave end users dependent on vendors’ security practices rather than a single, clearly accountable platform provider.

How it came to light

Public awareness of the exposure followed ZachXBT’s post on X, which included the contents of the customer email.

The disclosure drew attention because it preceded any broader public statement from Ledger outlining the incident.

The episode highlights how disclosures linked to third-party vendors can emerge outside a company’s usual communication channels, particularly in the crypto sector where independent investigators often surface security issues.

Ledger itself has not published a detailed incident breakdown on its official channels.

Its social media accounts currently show no active breach alerts, instead continuing to share general reminders encouraging users to stay vigilant against scams.

Global-e investigation

Global-e confirmed that it detected unusual activity within its systems and moved to contain the issue.

The company said it put additional controls in place and launched an investigation with the help of independent forensic specialists.

That investigation verified that some personal data, including names and contact details, had been accessed improperly.

No further technical specifics or remediation timelines have been made public so far.

Past security context

The latest exposure follows earlier security challenges linked to Ledger’s wider operating environment.

Previous incidents have shown how vulnerabilities can emerge across interconnected platforms, particularly where hardware providers rely on external services for sales, integrations, or transaction processing.

The pattern has kept attention focused on how security responsibilities are shared across crypto infrastructure.

The post Ledger hit by data breach after compromise at third-party processor appeared first on Invezz

Ledger hit by data breach after compromise at third-party processor

What the incident involved

How it came to light

Global-e investigation

Past security context

Related News

ZIL could overcome the $0.0062 resistance to hit $0.0065: Check forecast

Visa taps BVNK to bring stablecoin payments to $1.7 trillion network

YZi Labs backs Genius to build private, high-speed on-chain trading for pros