Ledger says Global-e breach exposed some customer order data, not wallets

Ledger said a recent data incident at its e-commerce partner Global-e involved unauthorized access to order data that affected some Ledger customers, but did not involve a breach of Ledger’s platform or its hardware and software. Global-e, which Ledger integrated in October 2023, experienced unauthorized access to order data in its information systems, Ledger told Cointelegraph.

“Some of the data accessed as part of this incident pertained to customers who made a purchase on Ledger.com using Global-e as a Merchant of Record,” a Ledger spokesperson said. Social media reports and a Ledger statement to affected customers indicated some personal information, including names and contact details, was exposed.

Ledger said it retained independent forensic experts and determined that payment information, account credentials or passwords were not accessed. The company also noted Global-e does not hold sensitive personal data such as gender, date of birth or government ID numbers. Ledger reiterated that Global-e does not have access to users’ private keys or seed phrases, saying “Global-e does not have access to your 24 words, blockchain balance, or any secrets related to digital assets,” and urged users to be alert to potential phishing.

The company said the unauthorized party gained access to a Global-e cloud-based information system containing shopper order data from several brands and that it is working with Global-e to notify impacted users and inform them of protective steps.

Key Topics

Crypto, Ledger, Global-e, Hardware Wallet, Seed Phrase, Order Data