Crypto wallet company Ledger SAS confirmed today a data breach to a third-party leaked customer data, including names and contact information.
Customers received an email from Global-e Online Ltd., an end-to-end e-commerce platform used by Ledger to sell its devices informing them of the data breach.
“Ledger was made aware of an incident at Global-e, an e-commerce partner for global brands and retailers, including Ledger,” the company told CoinDesk. “This incident consisted of unauthorized access to order data in Global-e information systems. Some of the data accessed as part of this incident pertained to customers who made a purchase on Ledger.com using Global-e as a Merchant of Record.”
The company stressed that it was not a breach of the Ledger platform, hardware or software. It also went on to say that it does not affect the security of the company’s devices or the security of crypto assets stored by customers.
Ledger sells hardware crypto wallets that allow users to securely maintain their own store of cryptocurrency and other crypto assets, such as bitcoin, Ethereum and nonfungible tokens. Users maintain complete control over their currency that is secured with a 24-word recovery code. The company also provides an app called Ledger Live, allowing users to manage, buy and swap assets.
Global-e and other merchants do not have access to these security capabilities, the service or the device itself.
The email sent from Global-e was initially reported by ZachXBT on X.
Global-e stated that it “identified unusual activity on a portion of our network,” and after becoming aware immediately took action to contain the breach and secure its systems. The company said it determined that an unknown third-party had copied some personal data, including name and contact information – names, postal addresses, email addresses, telephone numbers and order details (such as order number, product purchased, and price paid). No payment information (including credit card or bank account information) or account credentials were accessed as part of the breach.
Ledger previously suffered a major data breach in 2020 associated with the company’s marketing and e-commerce database affecting around 272,000 customers. The same year, Shopify, one of Ledger’s e-commerce service providers, revealed that a rogue employee leaked data from around 292,000 customers.
In these cases, attackers also obtained customer names, emails, addresses and phone numbers.
In the wake of the incident, Ledger recommended customers follow general security best practices, including not sharing their security secrets or any confidential information with anyone. The release of personal data, including contact information, may result in the rise of phishing attacks, where a malicious party pretends to be Ledger or a merchant itself in order to gain access to the customer’s account.
Image: Ledger
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About News Media
Founded by tech visionaries John Furrier and Dave Vellante, News Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
