Ledger Crypto Wallet Data Breach: Customer Info Exposed via Global-e Payment Processor

Hardware wallet manufacturer Ledger has notified customers of a data breach involving their personal information. The security incident did not compromise users' cryptocurrency funds or private keys, which remain secure on the devices. The breach occurred through a third-party payment processing partner, Global-e, on June 25, 2024. According to the official communication, a hacker exploited a vulnerability in Global-e's system, gaining access to a database containing the personal data of Ledger customers who made purchases through the company's website between 2020 and 2021. The exposed information includes names, email addresses, shipping addresses, and phone numbers. Ledger emphasized that its own security systems and hardware wallets were not breached. The company has reported the incident to the French data protection authority (CNIL) and is working with law enforcement. Affected users are being contacted directly and advised to be vigilant against potential phishing attempts using the stolen data.