Ledger is addressing a new customer data exposure incident after unauthorized access was detected within systems operated by its third party payment processor. The issue was linked to infrastructure managed by Global-e, which acts as a merchant of record for international purchases on Ledger’s online store. According to notifications sent to affected users, certain personal details including names and contact information were accessed without authorization. The scope of the exposure has not been fully disclosed, and neither Ledger nor the payment processor has specified how many customers were impacted or when the incident occurred. The development has renewed scrutiny around third party risk in the crypto hardware sector, particularly as security focused products increasingly rely on external partners for payments and logistics.

The payment processor said it identified unusual activity within its cloud environment and implemented immediate controls before launching an internal investigation. Independent forensic experts were brought in to assess the incident and confirmed that some customer order data was improperly accessed. Ledger later clarified that the breach did not involve its own systems, emphasizing that its hardware devices, software infrastructure and self custodial security model remain intact. The company also stressed that sensitive information such as recovery phrases, wallet balances or private keys were not exposed. Payment details were likewise not compromised, as the accessed data was limited to basic customer information associated with orders processed through the third party platform.

The incident follows earlier security challenges faced by Ledger in previous years, underscoring the persistent risks tied to data handling across the broader e-commerce and digital asset ecosystem. Ledger said it is working closely with Global-e to notify impacted users and provide guidance on protective steps, while monitoring for any signs of misuse. The company also noted that the breach affected multiple brands using the same payment processor, not Ledger customers alone. As crypto adoption grows and hardware wallets play a larger role in safeguarding digital assets, incidents involving ancillary service providers continue to highlight the importance of comprehensive security practices beyond core product design.