Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e.
In a statement for , the blockchain company underlines that its network has not been impacted and that the platform’s hardware and software systems remain secure.
“Some of the data accessed as part of this incident pertained to customers who purchased on Ledger.com using Global-e as a Merchant of Record,” the company told .
Out of an abundance of caution, Ledger, the maker of the namesake self-custodial hardware wallets, is warning its customers that the third-party data breach exposed their names and contact information.
On-chain investigator ZachXBT published a community alert with the email notification from Global-e:
.png)
The Global-e platform handles checkout, order processing, localization, taxes, duties, and compliance for multiple online retailers and brands. Among its customers are Bang&Olufsen, adidas, Disney, Givenchy, Hugo Boss, Ralph Lauren, Michael Kors, Netflix, and M&S.
These services require storing customer order data, though Ledger specified that the exposed details do not include financial information.
According to Ledger, the hackers had access to order data present on Global-e’s systems. However, neither Global-e nor Ledger had access to customers’ 24-word seed phrases for accessing the crypto wallet, the blockchain balance, or any secrets related to digital assets.
“Importantly, no payment information was involved,” the company said, noting that attackers may try to target customers in phishing campaigns designed to steal their passphrases.
“We encourage everyone to be alert to any potential phishing campaigns, never disclose their 24 words, and always Clear Sign transactions where possible.” – Ledger
It was also specified that Ledger was not the only brand whose customer data was affected, and that the unauthorized party gained access to a Global-e cloud-based information system containing shopper order data from several brands.
reached out to Global-e to learn more about the incident and the affected brands. The company replied after publishing time saying that it isolated and secured affected systems immediately after becoming aware of the threat activity in its cloud environment.
Global-e is “currently notifying all potentially affected individuals and relevant regulators directly.” The payment processor highlighted that no payment information or account credentials were compromised.
Ledger says that affected users will receive direct communication from Global-e about the incident and its impact. They are recommended to contact Global-e for more details.
Update [January 5th, 14:22 EST]: Article updated to include information that Global-e sent to after publishing time, and to correct that the notification shared by ZachXBT came from Global-e, not Ledger.
.ia_ad {
background-color: #f0f6ff;
width: 95%;
max-width: 800px;
margin: 15px auto;
border-radius: 8px;
border: 1px solid #d6ddee;
display: flex;
align-items: stretch;
padding: 0;
overflow: hidden;
}
.ia_lef {
flex: 1;
max-width: 200px;
height: auto;
display: flex;
align-items: stretch;
}
.ia_lef a {
display: flex;
width: 100%;
height: 100%;
}
.ia_lef a img {
width: 100%;
height: 100%;
border-radius: 8px 0 0 8px;
margin: 0;
display: block;
}
.ia_rig {
flex: 2;
padding: 10px;
display: flex;
flex-direction: column;
justify-content: center;
}
.ia_rig h2 {
font-size: 17px !important;
font-weight: 700;
color: #333;
line-height: 1.4;
font-family: Georgia, “Times New Roman”, Times, serif;
margin: 0 0 14px 0;
}
.ia_rig p {
font-weight: bold;
font-size: 14px;
margin: 0 0 clamp(6px, 2vw, 14px) 0;
}
.ia_button {
background-color: #FFF;
border: 1px solid #3b59aa;
color: black;
text-align: center;
text-decoration: none;
border-radius: 8px;
display: inline-block;
font-size: 16px;
font-weight: bold;
cursor: pointer;
padding: 10px 20px;
width: fit-content;
}
.ia_button a {
text-decoration: none;
color: inherit;
display: block;
}
@media (max-width: 600px) {
.ia_ad {
flex-direction: column;
align-items: center;
}
.ia_lef {
max-width: 100%;
}
.ia_lef a img {
border-radius: 8px 8px 0 0;
}
.ia_rig {
padding: 15px;
width: 100%;
}
.ia_button {
width: 100%;
margin: 0px auto;
}
}
7 Security Best Practices for MCP
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.
Comments