Ledger confirmed that customers who purchased devices via payment processor Global‑e had names and contact details exposed after Global‑e detected unusual cloud activity on Jan 5, 2026. Ledger said firmware, private keys and seed phrases were not compromised but warned affected users face heightened phishing and social‑engineering risk.

Ledger disclosed that a subset of customers who purchased hardware wallets through Global‑e were impacted by a third‑party data exposure after the payment processor detected unusual cloud activity on Jan 5, 2026. The compromised data reportedly included purchasers' names and contact details; Ledger emphasized that wallet firmware, private keys and seed phrases remained secure and were not accessed. Despite no direct compromise of cryptographic secrets, Ledger and security experts warned the leak substantially increases the risk of sophisticated phishing, targeted social‑engineering and impersonation campaigns aimed at tricking affected users into revealing credentials or approving fraudulent transactions. Ledger said it is working with Global‑e to notify impacted customers and urged heightened vigilance: verify any communications through official Ledger channels, avoid clicking unsolicited links, confirm addresses manually, and enable platform security features like two‑factor authentication. The incident highlights the systemic risk posed by breaches at ancillary vendors in the crypto supply chain and reinforces advice to treat unexpected support requests or account‑specific messages with extreme caution while investigations continue.