Ledger, a provider of cryptocurrency hardware wallets, has issued a statement to clarify the implications of a data breach that occurred at its e-commerce partner Global-e. The breach, reported in January 2026, involved unauthorized access to certain customer information.

In October 2023, Ledger integrated the Global-e platform, which facilitates cross-border e-commerce but has now been compromised. It’s important to note that the breach did not affect Ledger’s own systems, including its hardware and software.

“Some of the data accessed as part of this incident pertained to customers who made a purchase on Ledger.com using Global-e as a Merchant of Record,” a spokesperson said.

Names and Contact Information Exposed

Reports indicate that the Global-e incident may have exposed personal information, such as names and contact details, of some Ledger users. Ledger emphasized that there was no access to payment information, including credit card or bank account details, nor were user account credentials or passwords compromised.

“We retained independent forensic experts to conduct an investigation into the incident and were able to determine that some personal data, including names and contact information, was affected,” stated Ledger.

Global-e’s Limitations

Ledger reassured users by stating that Global-e does not have access to sensitive data like gender, birth dates, or national identification details. The company’s self-custodial wallets mean that users uniquely hold their private keys, or seed phrases, ensuring the security of their digital assets.

“Global-e does not have access to your 24 words, blockchain balance, or any secrets related to digital assets,” Ledger reiterated, urging customers to remain vigilant against potential phishing attempts.

This incident comes on the heels of other well-known breaches in the crypto industry, reflecting an ongoing trend of cyber threats.

Related Reading: How crypto laws changed in 2025 — and how they’ll change in 2026.