Cryptocurrency hardware wallet provider Ledger has clarified a recent data incident involving its e-commerce partner Global-e.
Global-e, a cross-border e-commerce platform integrated by Ledger in October 2023, experienced unauthorized access to order data in its information systems, which affected some Ledger customers.
Ledger told Cointelegraph that the incident was limited to Global-e’s systems and did not involve a breach of Ledger’s platform or its hardware and software.
“Some of the data accessed as part of this incident pertained to customers who made a purchase on Ledger.com using Global-e as a Merchant of Record,” a spokesperson for Ledger said.
Names and contact info leaked
According to social media reports, the Global-e incident resulted in the exposure of some Ledger users’ personal information, including names and contact details.
“We retained independent forensic experts to conduct an investigation into the incident and were able to determine that some personal data to include name and contact information,” Ledger said in a statement to affected customers, shared by users on X.
Ledger highlighted that the breach did not lead to access to any payment information, including payment card or bank account details, and that users’ account credentials or passwords were not affected.
“We would also like to remind you that Global-e does not hold any sensitive personal data — such as gender, date of birth or government ID numbers — to serve our customers,” the company added.
Global-e does not have access to seed phrases
Ledger also reiterated that in line with its wallets’ design and mission, Ledger products are self-custodial, meaning that only the user has access to the private key or the seed phrase, which enables users to access their crypto holdings.
“Global-e does not have access to your 24 words, blockchain balance, or any secrets related to digital assets,” Ledger said in a statement to Cointelegraph, encouraging users to be alert to any potential phishing campaigns.
Ledger said it was not the only brand whose customer data was affected. “The unauthorized party gained access to a Global-e cloud-based information system containing shopper order data from several brands,” it stated.
Ledger added that it continues to work with Global-e to ensure impacted users are notified and informed of steps they can take to protect their data.
Related: Fake MetaMask 2FA security checks lure users into sharing recovery phrases
The incident came just a few months after Ledger warned users of a phishing scam targeting users through physical mail in October 2025.
The latest incident affecting Ledger users is one of many recent data breaches targeting private user information across digital platforms, including crypto services. Previous incidents have led to phishing attacks targeting users of major industry companies such as Coinbase, Binance and rival hardware wallet provider Trezor.
Magazine: How crypto laws changed in 2025 — and how they’ll change in 2026
