Ledger Faces Customer Data Breach Through Payment Processor Global-e

[Emjay24]

Ledger, a well-known provider of hardware wallets, disclosed a data breach involving the third-party payment processor Global-e on January 5, 2026. According to investigator ZachXBT, the incident reportedly exposed customer names and contact details.

The breach occurred through Ledger's integration with Global-e, which detected unusual activity within its cloud infrastructure. Ledger took swift action to contain the breach and engaged independent forensic experts for a detailed investigation
source

There may be possibilities of phishing link attacks, users of Ledger should be more careful as their contact details were exposed, They should  be on guard for suspicious emails and links.

[_act_]

There may be possibilities of phishing link attacks, users of Ledger should be more careful as their contact details were exposed, They should  be on guard for suspicious emails and links.

Ledger will not stop to surprise us, this may be more than just avoiding phishing attackers, it can be up to home address details of users to have been leaked. To clear this in the public, they should let us know other contact details that have been stolen by the hackers.

[Sticky Bomb]

There may be possibilities of phishing link attacks, users of Ledger should be more careful as their contact details were exposed, They should  be on guard for suspicious emails and links.

Ledger will not stop to surprise us, this may be more than just avoiding phishing attackers, it can be up to home address details of users to have been leaked. To clear this in the public, they should let us know other contact details that have been stolen by the hackers.

These constant data breach by ledger has reached the point that they would be investigated to know if they are intentionally orchestrating those data breaches and selling users data. This is vey recurrent and I cannot help it but suspect intentionality.

Users need to be very careful as their whole data may be in the very wrong hands. Anyways, so much limitation for KYC .

[Catenaccio]

Ledger, a well-known provider of hardware wallets, disclosed a data breach involving the third-party payment processor Global-e on January 5, 2026. According to investigator ZachXBT, the incident reportedly exposed customer names and contact details.

The breach occurred through Ledger's integration with Global-e, which detected unusual activity within its cloud infrastructure.

Ledger hardware wallet company has many data breaches in its history and we only witnessed a latest one, but remember that this one is not their first and only data breach.

Data breaches are something long live with Ledger and it is like their brand mark.
Ledger Live breach, potential stolen assets.

Ledger wallet is also close-source that is another bad thing about this wallet.
https://walletscrutiny.com/?platform=allPlatforms&page=0&query-string=ledger

There are better hardware wallets which are open-sourced.
[LIST] Open Source Hardware Wallets.

[Taskford]

Ledger, a well-known provider of hardware wallets, disclosed a data breach involving the third-party payment processor Global-e on January 5, 2026. According to investigator ZachXBT, the incident reportedly exposed customer names and contact details.

The breach occurred through Ledger's integration with Global-e, which detected unusual activity within its cloud infrastructure. Ledger took swift action to contain the breach and engaged independent forensic experts for a detailed investigation
source

There may be possibilities of phishing link attacks, users of Ledger should be more careful as their contact details were exposed, They should  be on guard for suspicious emails and links.

Another one? its crazy to know that there's another breach happening on Ledger and this is really a bad sign for their costumers. For new costumers or maybe old ones to, best to be more careful dealing with their details on ledger because I think there would be more breach will happen.

Since it seems that they didn't learn from those past incident happened to them. Because they continue to experience this issues.

It will be worse if next time there would be a huge hacking will happen involving wallet draining or maybe more bigger data breach in future.

[satscraper]

Ledger hardware wallet company has many data breaches in its history and we only witnessed a latest one, but remember that this one is not their first and only data breach.

So what.

The current breach is the fault of another company, namely Global‑e, which is Ledger’s 3^rd party payment provider.

Accusing Ledger of this breach is like blaming yourself for inherited DNA in your body being attacked by viruses and and resulting in chronic disease.

That DNA is not under your control. The same is true for Global‑e’s software and hardware, they are not under Ledger’s control.

[Somegory]

This is another proof that users data still depends heavily on centralised vendors and their security practices, anyways, the problem is the the expectation of incoming phishing waves, it's going to be very big.

Unfortunately from now on crypto investors have become a premium target, the data is already out there now and scammers will start to target Ledger owners as fresh data hits the dark web or the dark market.

Ledger users should be expecting phone calls from investment companies, Ledger users are in big trouble, we could shine some light on this matter very quickly if Ledger was a open source wallet, been closed source is now a case of " only God knows."

[PX-Z]

Wow, another data breach. Great way to build user trust again, lol. What will Ledger do? Probably nothing, maybe an apology, then move on. No real accountability. At this point, it's hard to see how this won't hurt their business in the long run.

[Don Pedro Dinero]

Wow, another data breach. Great way to build user trust again, lol. What will Ledger do? Probably nothing, maybe an apology, then move on. No real accountability. At this point, it's hard to see how this won't hurt their business in the long run.

Thank goodness I bought another one from a different brand when my Ledger stopped working. What a rubbish company.

So what.

So it is a rubbish company.

The current breach is the fault of another company, namely Global‑e, which is Ledger’s 3^rd party payment provider.

Ledger is to blame for hiring that bloody company.

Accusing Ledger of this breach is like blaming yourself for inherited DNA in your body being attacked by viruses and and resulting in chronic disease.

That DNA is not under your control. The same is true for Global‑e’s software and hardware, they are not under Ledger’s control.

That's a textbook false analogy. You cannot decide to buy one DNA or another à la carte.

[satscraper]

So it is a rubbish company.

Agreed, Global‑e is the rubbish company.

Ledger is to blame for hiring that bloody company.

You seem to be the one who has the crystal ball and never end up buying anything faulty.

I assume Ledger doesn’t possess such magic ball.

You cannot decide to buy one DNA or another à la carte.

But you have nine months to decide whether it’s worth taking your first breath.  

[TryNinja]

So what.

The current breach is the fault of another company, namely Global‑e, which is Ledger’s 3^rd party payment provider.

Accusing Ledger of this breach is like blaming yourself for inherited DNA in your body being attacked by viruses and and resulting in chronic disease.

That DNA is not under your control. The same is true for Global‑e’s software and hardware, they are not under Ledger’s control.

It's still partly their responsability.

They know how sensible is the data of their customers, so why are they storing their customer's data on so many third parties? At one point they need to understand that keeping everything in house with strong security is the only option. That's like saying it's not a wallet's fault that their user's seeds were leaked because it was a third party that was breached. Wouldn't you stop and question why they would be storing that data on a third party?

[BitMaxz]

I'm not surprised since this was a common issue with Ledger before; they always had this breach. I don't know why people still stick to using the Ledger wallet even though they had the past breach issue like this one.
If anyone here remembers the past customer data breach, I think around 2020 many customers' emails were exposed at that time. So I'm not surprised if the issue repeats; it always happens that 3rd parties are involved, like before when Shopify was involved.

[m2017]

Ledger, a well-known provider of hardware wallets, disclosed a data breach involving the third-party payment processor Global-e on January 5, 2026. According to investigator ZachXBT, the incident reportedly exposed customer names and contact details.

The breach occurred through Ledger's integration with Global-e, which detected unusual activity within its cloud infrastructure. Ledger took swift action to contain the breach and engaged independent forensic experts for a detailed investigation
source

There may be possibilities of phishing link attacks, users of Ledger should be more careful as their contact details were exposed, They should  be on guard for suspicious emails and links.

Why are you making such a big news story out of this? It's high time we got used to the fact that ledger's user data is publicly available.  They should introduce a slogan for customers: "If you want the whole world to know about you, buy a ledger."

There have already been so many incidents in ledger's history that current events no longer cause any damage to its reputation.   Everyone's gotten used to this and resigned themselves to it.

[hugeblack]

Why would a company like Ledger create hardware wallets that use a third-party service to process payments? Wouldn't it be easier to pay via Bitcoin/cryptocurrencies only and via an open source service or at least not share customer data with third parties?

[fullfitlarry]

Why would a company like Ledger create hardware wallets that use a third-party service to process payments? Wouldn't it be easier to pay via Bitcoin/cryptocurrencies only and via an open source service or at least not share customer data with third parties?

That's how business are done now. It's going to be a burden for Ledger themselves to process all the payments and all other business in general. That's why they hire someone in this case Global-e to handle everything, from order to processing. Take note though that it's not only Ledger as their customers, they have Bang&Olufsen, adidas, Disney, Givenchy, Hugo Boss, Ralph Lauren, Michael Kors, Netflix, and M&S.

And just to be clear, it's not Ledger that has been hacked here, it's Global-e. Nevertheless, Ledger inform their customers about it and the whole crypto in general that maybe in the next couple of months, there could be wild spread phishing attempts from the criminals so everyone should watch out for it.

[FinneysTrueVision]

Any time Ledger has been in the headlines in recent years, it almost always for something negative. It’s not always their fault, like when their founder was kidnapped, but it shows how far they have fallen when you cannot find any good stories about them. They have become synonymous with security exploits, scammy exchange partners, deceptive marketing, and subscription products that are designed to extract value from customers who would be better off using alternatives.

[satscraper]

So what.

The current breach is the fault of another company, namely Global‑e, which is Ledger’s 3^rd party payment provider.

Accusing Ledger of this breach is like blaming yourself for inherited DNA in your body being attacked by viruses and and resulting in chronic disease.

That DNA is not under your control. The same is true for Global‑e’s software and hardware, they are not under Ledger’s control.

It's still partly their responsability.

Agreed, because each of us is partly responsible for everything that happens in the world, as the world itself is the nonlinear system in which the small disturbance may result the huge consequence.

Even someone who sneezes in Europe can ^{in theory} trigger hurricane in South America. This is the so‑called butterfly effect often discussed in catastrophe theory.

Applied to the current case, this would mean that the programming carelessness of someone ^{let’s say from India} could have caused the data leakage in the part of  Global‑e database where Lafgers’ data was stored.

[crwth]

I'm actually getting pissed off about this because I still receive emails like this, and it's just getting worse. I really wouldn't get anything from them because of these concerns. Even if I try to report things like this, it's like they don't value it. They don't even reply to the concerns.

They need to improve their customer support measures and, of course, the security that allowed something like this to happen.

Is there any official post about this from Ledger's POV?

[satscraper]

Is there any official post about this from Ledger's POV?

Sure, there is Ledger’s response to the incident, just visit their official support page. They explained that there was not even a gram of fault on Ledger’s part.

May I ask why you are so concerned about this incident? Did you buy Ledger device and pay by wire transfer, which could have resulted in your personal data being leaked? Or is this simply stampede‑like behavior on your part?

[coinrifft]

https://x.com/TFTC21/status/2008322615061213541

And the phishing email has started. This could be just one of the many emails that the cyber actors will do in the next couple of months to try and find a victim using this latest customer's data breach.