Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
The cryptocurrency wallet company Ledger is experiencing a breach of customer information via the payment processor Global-e.
Ledger is addressing a recent data exposure issue involving its third-party payment processor, Global-e.
Ledger faces data breach. (Mika Baumeister/Unsplash)
What to know:
- Ledger is addressing a recent data exposure issue involving its third-party payment processor, Global-e.
- Unauthorized access to personal details of Ledger users was discovered, including names and contact information.
- The total number of affected clients has not been made public.
Hardware wallet leader Ledger is contending with a data exposure incident, this time associated with its third-party payment processor, Global-e.
An email alert sent to customers by Global-e and first shared by anonymous blockchain investigator ZachXBT on X indicated that the breach involved unauthorized access to the personal details of Ledger users, such as names and contact information from Global-e’s cloud infrastructure.
STORY CONTINUES BELOWDon’t miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newslettersSign me up
The email did not reveal the number of clients impacted or specify when the breach took place.
In 2020, Ledger faced a data breach that exposed the information of 270,000 customers through its e-commerce partner Shopify. In 2023, Ledger suffered a hack resulting in losses of nearly $500,000, affecting several decentralized finance applications.
Global-e reported that it identified unusual activity and promptly enacted controls while initiating an investigation, which confirmed the unauthorized access.
“We engaged independent forensic experts to conduct an investigation into the incident and were able to ascertain that some personal data, including name and contact information, was improperly accessed,” it stated in the email.
Ledger’s social media platforms indicate no ongoing incidents, although they stress the importance of remaining cautious.
In a response email to CoinDesk, Ledger highlighted that the breach originated at Global-e, specifying that the payment processor was responsible for sending the customer notification as it is the data controller.
“Ledger was informed of an incident at Global-e, an e-commerce partner for global brands and retailers, including Ledger,” the company communicated to CoinDesk. “This incident involved unauthorized access to order data within Global-e’s information systems. Some of the data accessed pertained to customers who made purchases on Ledger.com using Global-e as a Merchant of Record.
“This was not a breach of Ledger’s platform, hardware, or software systems, which remain secure. To clarify, since the Ledger product is self-custodial, Global-e does not have access to your 24 words, blockchain balance, or any secrets related to digital assets,” it explained.
Ledger clarified that customers’ payment information was not compromised in the breach and it is collaborating with Global-e to inform affected users with pertinent details. It added that Ledger was not the only brand impacted – an unauthorized entity also accessed a Global-e cloud system containing shopper order data from multiple other brands.
“We stand united with the industry in the fight against hackers and malicious actors who are continually attempting to steal users’ information within the ecosystem and the broader e-commerce space,” Ledger asserted.
CORRECT (Jan. 5, 12:47 UTC): Amends email sender to Global-e, an earlier version of the story incorrectly stated it had been sent by Ledger. Adds Ledger confirmation, comment.
