Crypto wallet shop Ledger confirms customer data lifted in Global-e snafu
Order and contact details accessed via ecommerce partner, and phishing has begun
by Connor Jones · The Register
Blockchain security biz Ledger says customer information was accessed in a breach at its ecommerce payment partner Global-e, and is warning that other brands using the platform may also be affected.
The number of customers impacted is not confirmed, but Ledger said basic personal information - name and contact data - was exposed, as were order details including products and prices.
Both Ledger and Global-e said there is no impact on financial data or cryptocurrencies, and that details such as passwords or 24-word Ledger recovery phrases are unaffected.
Global-e, which Ledger uses so that customers can purchase products in their local currency, started sending emails to affected customers on January 5, saying it does not store sensitive details - things like government IDs - since they are not used for order fulfilment.
The company did, however, warn that Ledger customers should be vigilant to potential phishing attacks.
Global-e stated in its fact sheet: "Though only limited contact details were improperly accessed due to this incident, out of an abundance of caution we encourage you to remain vigilant to any suspicious or unsolicited communications, including emails, phone calls, text messages or instant messages that reference online orders, and avoid clicking on suspicious links.
"Note that such suspicious communications may try to impersonate either one of the online brands we support or Global-e, however, neither of us will ever contact you requesting your information via text message or phone call. If you suspect that it is a phishing attempt, report it as spam, and block the sender."
Professional scam-hunter NanoBaiter shared on social media an early example of how cybercriminals have already capitalized on the breach.
The email, ostensibly from "Katie at E-Global," is addressed to "Ledger User" and contains a link encouraging victims to learn more about how a recent update improves Ledger device security.
Potentially affected customers were warned that official notifications came from no-reply@global-e.com, and to check that this address matches before clicking any links they receive.
Ledger also warned customers to be extremely suspicious if any physical package or so-called replacement Ledger devices arrive at their door.
It said: "Ledger will never send physical items or ask you to scan QR codes, visit websites, or share your 24-word recovery phrase.
"Do not follow any instructions, do not scan anything, and never share your recovery phrase. Take photos and report the incident through Ledger's official support channels.
"If you ever receive a device and are unsure about it, you can verify it by running the Ledger Genuine Check in Ledger Wallet, which verifies whether a device is authentic and untampered with. Your funds remain safe as long as your recovery phrase has not been shared."
Ledger, based in France, offers a wide range of blockchain-related products, from electronic wallets and backup solutions, to physical devices such as hardware wallets and signers for transaction security.
If customers were to link a compromised signing device, it could potentially lead to their accounts and wallets being taken over by criminals.
More to come?
At the time of writing, Ledger is the only company to come forward and acknowledge its customers being affected by the attack on Global-e.
However, in its own fact sheet about the breach, it suggested other brands could have been caught up too.
"Ledger was not the only brand whose customer data was affected," the company stated. "The unauthorized party gained access to a Global-e cloud-based information system containing shopper order data from several brands.
"Ledger takes data security seriously, and when informed by Global-e of the security incident, Ledger worked with Global-e to help it notify impacted Ledger users with information relevant to them."
Global-e made no direct reference to any of its other clients also being implicated, although it said in an email to affected customers that the attack pertained to "one or more brands you have purchased on their web-store recently."
The company claims on its website that it provides services to more than 1,000 brands across 200 plus markets worldwide.
Listed among its more high-profile clients are high fashion brands Burberry, Hugo Boss, and Ralph Lauren, as well as the likes of Netflix, M&S, Adidas, the Wimbledon tennis championships, and the Disney Store.
The Register contacted Global-e for more information, but it provided nothing that was not already included in its fact sheet. ®