On January 5, 2026, users of the crypto wallet Ledger received an email from Global-e, Ledger's payment partner. In the email, Global-e reported suspicious activity in its cloud system that resulted in a leak of sensitive user data.
News of Ledger’s data breach was first reported by on-chain investigator ZachXBT via Telegram. According to ZachXBT's message, Global-e's message read:
“Global-e recently identified unusual activity on a portion of our network. Immediately after we became aware of the unusual activity in our cloud systems we took action to contain and ultimately secure our systems. We retained independent forensic experts to conduct an investigation into the incident and were able to determine that some personal data including name and contact information were improperly accessed.”
Global-e has made an official statement to explain which types of personal data were leaked due to the attack:
- Name
- Postal address
- Email address
- Phone number
- Order details, such as order number, products purchased, and amount of payment
Global-e explained that the leak has no impact on payment details, such as credit and debit cards, bank account information, account credentials, passwords, etc. This payment processing service provider assured that the situation is contained and all systems are secure.
Ledger has also confirmed the data breach of their third-party payment partner. Ledger assured users that this incident is directly related to Global-e as a third-party partner and has no impact on the operations of Ledger’s products, including its platform, software, and hardware wallet.
Global-e does not have access to cryptocurrency balances, wallet addresses, recovery prhases, or other classified information related to users’ digital assets. So, all cryptocurrencies stored in Ledger’s crypto wallets are not compromised.
Despite that, this attack on Global-e still carries risks. Digital assets stored on Ledger may not be affected, but an attacker with access to sensitive personal data can utilize it for:
- Social Engineering: Attackers use personal information from Global-e’s breach to impersonate a user.
- Phishing: Attackers pose as Ledger or related corporations and send an email requiring users to “verify” or “secure” their account via a fraudulent link.
- Credential Stuffing: Attackers use a combination of email addresses and phone numbers leaked to gain access to user accounts on other platforms.
Global-e’s data breach incident serves as a reminder that maintaining personal data security is just as crucial as securing seed phrases and crypto assets.
Scams continue evolving to be more sophisticated, so having a strong defense is the best offense. Stay vigilant of different types of scams and how to protect yourself from scams in the article What is a Scam? A Complete Guide to Digital & Cryptocurrency Fraud.
