Ledger Suffers Another Data Leak of Customer Information Through Payment Processor Global-e

The incident occurred due to unauthorized access to Global-e's systems, compromising names, contact details, and other information of customers who made purchases on Ledger.com starting from October 2023. Importantly, this leak did not affect Ledger's platform directly, hardware wallets, or users' crypto assets, private keys and recovery phrases remained secure.

Incident Details

According to a report from crypto security analyst ZachXBT, Ledger customers began receiving emails from Global-e about "unusual activity" in their cloud systems. In the letter dated January 5, 2026, Global-e stated that they had hired independent experts for an investigation and discovered unauthorized access to certain personal data, including names and contact information. Ledger emphasized that the leak was limited to Global-e's systems and did not involve payment data (such as card numbers or bank accounts), passwords, or sensitive information like birth dates or document numbers. The company also noted that Global-e does not have access to blockchain balances or secrets related to digital assets.

This incident affected not only Ledger but also other brands that use Global-e as a payment processor. Ledger is working with the partner to notify affected customers and provide protection recommendations.

Community and Expert Reactions

The crypto enthusiast community reacted with outrage, especially considering Ledger's previous data leaks. ZachXBT highlighted that this is not the first case and advised users to use fake data when purchasing hardware wallets. Users on X are discussing switching to alternatives like Trezor, though ZachXBT warned that Trezor has had similar database issues. Some analysts, like Specter, call this a "clown show" for Ledger, while others, like Keystone Wallet, promote their products as a safer alternative.

Historical context adds fuel to the fire: in 2020, Ledger experienced a direct leak where 1 million email addresses and 272 thousand physical addresses and phone numbers of customers were compromised. This data was used for phishing, fraud, and blackmail. Another leak occurred in 2021 through Shopify, an e-commerce partner.

Experts like DCinvestor and Anita Posch have long criticized Ledger for such incidents, emphasizing the risks to users.

Recommendations for Users

Ledger advises customers to be vigilant against potential phishing attacks, SIM-swaps, and social engineering. Do not respond to suspicious messages, do not share recovery phrases, and use two-factor authentication. If you received a letter from Global-e, verify its authenticity through Ledger's official channels.

This case underscores the vulnerability of third parties in the crypto ecosystem and serves as a reminder of the importance of self-custody of assets. Ledger continues to assure that their products remain secure, but community trust has been shaken. Stay tuned for updates as the investigation continues.