Hardware Wallet Ledger Confirms Customer Data Leak via Third Party Vendor

Ledger customers received unexpected notifications about a hacking incident affecting their personal details on January 5, 2026. The issue stems from Global-e, the third-party payment processor that manages transactions and e-commerce for Ledger's official online store. Onchain investigator ZachXBT brought attention to the matter by sharing a copy of the notification email sent to affected users.

Global-e reported that it detected unusual activity within a portion of its network. The company was able to contain the breach and secure its systems. Independent forensic experts have been brought in to investigate the full extent of the unauthorized access.

The exposed data includes customer names, email addresses, shipping addresses, and other contact information tied to orders placed through Ledger's shop. No payment card details, passwords, or identification documents appear to have been compromised. The exact number of impacted individuals and the precise date of the incident have not yet been made public.

This development represents another chapter in Ledger's ongoing challenges with customer data security. Past incidents have shown how personal information leaks can fuel targeted phishing campaigns against cryptocurrency holders. Many users remain particularly cautious given the sensitive nature of hardware wallet ownership.

Company Response and Security Assurance

Ledger clarified that the Global-e incident has no connection to its hardware devices, Ledger Live software, or any cryptocurrency management platforms. Global-e handles only order fulfillment and payment processing, with no access to recovery phrases, private keys, or on-chain balances. Customer funds stored on Ledger devices remain fully secure as a result.

Both companies have stressed that digital assets face no direct risk from this event. Ledger continues to emphasize the offline nature of its hardware wallets as a core protection against remote attacks. The breach serves as another example of third-party risks in the broader crypto wallet supply chain.

Ledger advised users to stay alert for potential phishing attacks that could exploit the leaked contact details. The company recommends enabling clear signing features for transactions when supported by applications. Using transaction verification tools on the device screen provides an additional layer of protection during on-chain activity.

Global-e stated it will not reach out to individuals for additional information related to the investigation. Any unsolicited communications claiming to be from Global-e or Ledger regarding this matter should be ignored. Customers can monitor official channels for future updates as the forensic review progresses.