Ledger confirms customer data accessed in Global-e e-commerce breach

TL;DR

Ledger says an unauthorized party accessed customer order and contact information through its ecommerce partner Global-e; financial details, passwords and 24-word recovery phrases were not impacted, according to the companies. Phishing attempts tied to the incident have already been spotted and customers are being urged to remain vigilant.

What happened

Ledger disclosed that customer order and contact records were exposed following a breach at its ecommerce payments partner, Global-e. The attacker gained access to a cloud-based system used to store shopper order data for multiple brands; Ledger says the leaked fields included basic personal contact details and information about purchased products and prices. Both companies stated that sensitive financial information, account passwords and Ledger recovery phrases were not part of the data accessed. Global-e began notifying affected shoppers on January 5 and advised that it does not retain certain sensitive identifiers used for fulfilment, such as government IDs. Security observers and a threat researcher posted examples of phishing emails that began circulating shortly after the notifications. Ledger warned users to avoid following unsolicited instructions, to never share their 24-word recovery phrase, and to report suspicious communications or unexpected physical devices through official support channels.

Why it matters

• Exposure of names, contact details and order histories can enable targeted phishing, scams and social engineering.
• The incident highlights third-party supply chain risk when ecommerce and payment platforms hold customer data for many brands.
• Customers of other companies using the same platform may also have been affected, increasing the scope beyond a single brand.
• Even without direct financial compromise, phishing and device-replacement scams can still lead to cryptocurrency theft if users are tricked into revealing recovery phrases.

Key facts

• Ledger reported that names, contact details and order information (products and prices) were accessed in the Global-e incident.
• Ledger and Global-e said financial payment data, account passwords and 24-word Ledger recovery phrases were not exposed.
• Global-e began sending notices to impacted shoppers on January 5 and stated it does not store certain sensitive documents used for fulfilment.
• An example phishing message impersonating the service was shared publicly by a security researcher soon after the breach became known.
• Ledger cautioned customers never to share their recovery phrase, never to scan unsolicited QR codes, and to verify device authenticity with Ledger Genuine Check.
• Ledger said the unauthorized party accessed a Global-e cloud-based system containing order data from several brands.
• At the time of reporting, Ledger was the only brand to publicly confirm that its customers were affected.
• Global-e says it supports more than 1,000 brands across 200+ markets, but did not list other clients implicated in this incident.

What to watch next

• Whether additional brands using Global-e publicly confirm that their customers were affected (not confirmed in the source).
• Any further technical details or forensic results from Global-e or independent investigators about how the cloud-based system was breached (not confirmed in the source).
• Potential escalation of phishing campaigns or new fraud patterns targeting affected shoppers and Ledger users (already observed in initial examples).
• Regulatory notifications, enforcement actions or formal investigations into the incident (not confirmed in the source).

Quick glossary

• Hardware wallet: A physical device that stores cryptographic keys offline to secure access to cryptocurrency holdings.
• Phishing: A type of fraud where attackers send deceptive messages to trick recipients into revealing sensitive information or clicking malicious links.
• Recovery phrase: A sequence of words (often 12 or 24) that can restore access to a cryptocurrency wallet if the device is lost or compromised.
• Ecommerce payment platform: A service that enables online merchants to process orders and payments, often handling multi-currency checkout and order data.
• Cloud-based information system: A remotely hosted data storage or application environment that can be accessed over the internet by authorised systems and services.

Reader FAQ

Was any financial or crypto asset data stolen?
Ledger and Global-e say no financial payment details or Ledger recovery phrases were accessed.

What types of customer information were exposed?
Basic personal contact details and order information such as products and prices were accessed.

How many customers were affected?
Not confirmed in the source.

What should customers do now?
Be cautious of unsolicited messages, do not share recovery phrases or scan unknown QR codes, verify emails from no-reply@global-e.com, and report suspicious communications to Ledger support.

Are other brands affected?
Ledger indicated other brands using Global-e may have been impacted; Global-e did not name other clients (not confirmed in the source).

CYBER-CRIME Crypto wallet shop Ledger confirms customer data lifted in Global-e snafu Order and contact details accessed via ecommerce partner, and phishing has begun Connor Jones Tue 6 Jan 2026 // 12:50 UTC Blockchain…

Sources

• Crypto wallet shop Ledger confirms customer data lifted in Global-e snafu
• Global-e Incident to Order Data – January 2026
• Crypto wallet firm Ledger faces new data breach through …
• New Ledger breach didn't steal your crypto, but it exposed …

Related posts

• Students bag extended Christmas break after cyber hit on school IT
• SCiZE’s Classic Warez Filelists: 1997 Scene Releases and Indexes
• Understanding Trump’s ‘Retro’ Coup: Three Keys to Venezuela’s Raid