TL;DR: On January 5, 2026, Ledger confirmed that customer order data was exposed through a breach at Global-e, their e-commerce partner. Exposed data includes names, postal addresses, email addresses, phone numbers, and order details (what you bought and how much you paid). Your crypto is safe (the breach didn't affect wallet keys or balances), but scammers now know you own a hardware wallet and where you live. Targeted phishing campaigns are already underway. If you bought a Ledger, watch for fake emails asking for your recovery phrase.
What Happened
Ledger wasn't directly hacked. Their e-commerce partner Global-e was.[1]
Global-e processes online transactions for Ledger.com and many other brands. Attackers gained "unauthorized access" to Global-e's cloud-based information system, exposing customer data from multiple retailers.[2]
Global-e began notifying affected customers on January 5, 2026, via email from "[email protected]" with subject line: "An important notification from Global-e regarding unauthorized access to data."[3]
If you bought a Ledger device directly from their website, your purchase information was likely processed through Global-e. That data is now compromised.
What Was Exposed
- Personal Information: Names, postal addresses, email addresses, and phone numbers
- Order Details: Order numbers, products purchased, prices paid
- NOT Exposed: Payment card details, bank account info, crypto keys, wallet balances, recovery phrases
Your actual cryptocurrency is safe. Hardware wallets keep private keys offline. The breach has nothing to do with blockchain security.
But the exposed information is still dangerous.
Why This Is Dangerous
Ledger customers own cryptocurrency. Attackers now know:
- Your name: They can address you personally in phishing emails
- Your home address: Physical targeting becomes possible
- Your phone number: Expect scam calls and SMS phishing
- What you bought: They know you have a hardware wallet and likely significant crypto holdings
This isn't theoretical. After Ledger's 2020 data breach, customers received:
- Fake Ledger devices mailed to their homes with malware
- Threatening phone calls demanding crypto ransom
- Physical home visits by criminals
- Sophisticated phishing emails perfectly mimicking Ledger
The same playbook will be used again. It's probably already starting.[4]
Phishing Already Underway
Security researchers have already spotted phishing campaigns targeting Ledger users:[5]
- Fake merger emails: Messages claiming Ledger is merging with Trezor and users must "migrate" their wallets
- Recovery phrase requests: Fraudulent sites asking users to enter their 24-word seed phrases
- Fake security alerts: Emails warning about the breach and directing to malicious "security check" sites
Remember: Ledger will NEVER ask for your recovery phrase. Not by email. Not by phone. Not by letter. Not for any reason.
Anyone asking for your recovery phrase is trying to steal your crypto. Full stop.
This Isn't Ledger's First Breach
Ledger has had data security issues before:
- June 2020: Marketing database breached, 1 million email addresses and 272,000 shipping addresses exposed
- December 2020: Full breach data dumped publicly, leading to widespread phishing and physical threats
- January 2026: This breach, through e-commerce partner Global-e
After the 2020 breach, Ledger faced class action lawsuits and significant customer backlash. They promised improved security. Now customer data has leaked again, this time through a third-party partner.
The Third-Party Problem
Ledger wasn't directly hacked. Global-e was.
This highlights a common security problem: your data is only as secure as the weakest link in the chain. Ledger can have excellent security, but if their e-commerce processor gets breached, your data still leaks.
Global-e also serves numerous other brands. Ledger wasn't the only company whose customers were affected. This is a supply chain attack affecting multiple retailers.[2]
When you buy from any online store, your data flows through payment processors, shipping partners, analytics services, and more. Each is a potential breach point.
What You Should Do Now
- Never Share Recovery Phrase: Your 24-word recovery phrase NEVER needs to be entered anywhere online. Anyone asking for it is a scammer. No exceptions.
- Watch for Phishing: Treat all Ledger-related emails with extreme suspicion. Go directly to ledger.com. Never click email links. Enable Ledger Live notifications only.
- Be Wary of Phone Calls: Scammers have your phone number. Ledger will never call you. Hang up on anyone claiming to be from Ledger support.
- Physical Security: Attackers know your address. Be alert to unexpected packages or visitors. Consider whether your physical security is adequate.
Additional protective steps:
- Set up email filtering: Create rules to flag emails mentioning Ledger for manual review
- Change associated passwords: If you reused passwords, change them everywhere
- Monitor your accounts: Watch for unauthorized access attempts
- Consider a dedicated email: For future crypto purchases, use an email address not linked to your identity
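One way to implement the email-filtering step, as an added example that is not from Ledger or Global-e: a Python triage function that flags any message mentioning Ledger for manual review and records why. The lure phrase lists, the `.example` hosts and the sample message are constructed for illustration; `ledger.com` is the only domain treated as legitimate, as the article advises.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "ledger.com"  # the one domain the article says to visit directly
# Lure themes reported in the article; the phrase lists are constructed here.
LURES = {
    "recovery-phrase request": re.compile(r"recovery phrase|seed phrase|24[- ]word", re.I),
    "merger/migration lure": re.compile(r"\bmerg(?:e|er|ing)\b|\bmigrat", re.I),
    "breach-themed alert": re.compile(r"security (?:check|alert)|unauthori[sz]ed access", re.I),
}
URL_RE = re.compile(r"https?://[^\s<>\"')\[\]]+", re.I)

def is_trusted(host):
    """Exact domain or true subdomain; 'ledger.com.x.example' must not pass."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def body_text(msg):
    """Join every text/* part after undoing its transfer encoding."""
    return "\n".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")

def triage(raw):
    """Return (needs_manual_review, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = msg.get("From", "")
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    if not re.search(r"\bledger\b", f"{sender}\n{text}", re.I):
        return False, []
    reasons = ["mentions Ledger"]  # the article's rule: always review by hand
    # From is spoofable, so a matching domain proves nothing; a mismatch is a signal.
    if not is_trusted(parseaddr(sender)[1].rpartition("@")[2]):
        reasons.append("sender domain is not ledger.com")
    hosts = sorted({urlsplit(u).hostname or "" for u in URL_RE.findall(text)})
    reasons += [f"link to non-Ledger host: {h}" for h in hosts if not is_trusted(h)]
    reasons += [name for name, rx in LURES.items() if rx.search(text)]
    return True, reasons

# Constructed sample in the style of the fake-merger emails the article reports.
SAMPLE = (
    'From: "Ledger Support" <support@ledger.com.secure-check.example>\n'
    "Subject: Ledger and Trezor merger: migrate your wallet\n\n"
    "Confirm your 24-word recovery phrase at https://ledger.com.secure-check.example/migrate\n"
)
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that passes every check is still returned for manual review, because sender headers can be forged and the rule above is to review anything that mentions Ledger.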
The Bigger Picture
Every crypto purchase creates a paper trail. Even for hardware wallets designed to provide security, the act of buying one creates data that can be breached.
Options for more private hardware wallet acquisition:
- Buy in person: Cash purchases at crypto meetups or retailers
- Use a PO Box: Don't link purchases to your home address
- Pseudonymous email: Don't use your real name in the email address
- Pay with crypto: Some vendors accept cryptocurrency, reducing payment data exposure
These steps aren't paranoid. They're reasonable given that Ledger customer data has now leaked twice in five years.
When you buy a security device, the purchase itself shouldn't make you less secure. But in 2026, that's exactly what's happening.
References
[1] Ledger - Security Incident Notice: Global-e
[2] The Register - Ledger Customer Data Exposed Through E-Commerce Partner Breach
[3] Bleeping Computer - Ledger Data Exposed in Global-e Breach
[4] Crowdfund Insider - Ledger Breach Leads to Phishing Campaigns
[5] Crypto Potato - Ledger Phishing Campaign Uses Fake Trezor Merger