Ledger Confirms Data Breach Through Service Provider, Customer Information Stolen

Ledger, a leading blockchain security company, has disclosed a significant data security incident after threat actors breached the internal network of one of its service providers, resulting in the theft of customer information.

 

Ledger is best known for its hardware crypto wallets, such as the Nano X and Nano S Plus, which securely store digital assets offline. The company also offers the Ledger Live app for managing crypto and enterprise solutions like Ledger Vault, making it a major player in Web3 security. 

 

Recently, on-chain investigator ZachXBT reported on Telegram that Ledger suffered a significant data breach involving its payment processor, Global-e. According to a snippet of an email sent by Global-e, the company has launched an investigation; however, the names and contact information of individuals were compromised in the incident.

 

 

 

Global-e provides checkout, order processing, localisation, tax, duty, and compliance services for online retailers worldwide. Its client list includes major brands such as Adidas, Disney, Givenchy, Hugo Boss, Ralph Lauren, Michael Kors, Netflix, and Marks & Spencer.

 

Acknowledging reports of a data security incident, a Ledger spokesperson told BleepingComputer that the company’s network was not impacted and that its hardware and software systems remain secure.

 

“Some of the data accessed as part of this incident pertained to customers who purchased on Ledger.com using Global-e as a Merchant of Record.”

 

According to Ledger, the attackers accessed order data stored on Global-e’s systems. However, neither Global-e nor Ledger had access to customers’ 24-word recovery seed phrases, wallet balances, or any other sensitive information related to digital assets. Ledger also emphasised that no financial information was exposed.