Ledger / Global-e
Analysis of the Ledger/Global-e breach exposing crypto wallet customer data including physical addresses and order details.
Published by the Scrutex.ai Research Team | January 2026
Disclaimer
This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.
At a Glance
Organisation
Ledger / Global-e
Ledger is a French cryptocurrency hardware wallet manufacturer; Global-e is an e-commerce fulfilment partner handling order processing and shipping for Ledger's online store.
Sector
Fintech / Cryptocurrency
Region
Global
Date of Incident
Prior to January 2026 (via Global-e systems)
Date Disclosed
January 2026
Estimated Impact
Unknown (potentially millions)
Data Types Exposed
Names, physical addresses, email addresses, phone numbers, order details including product types and quantities
Attack Type
Third-party Exposure
Attack Vector
Breach at e-commerce partner Global-e exposing Ledger customer order data
Current Status
Under investigation. This is Ledger's second major customer data exposure after the 2020 incident.
Severity Assessment
Critical due to physical safety implications. Order details for cryptocurrency hardware wallets create a target list of confirmed crypto holders with known physical addresses, enabling physical robbery and extortion.
What Happened
In January 2026, customer data from Ledger, the cryptocurrency hardware wallet manufacturer, was exposed through a breach at its e-commerce partner Global-e.
The compromised data includes names, addresses, emails, phone numbers, and order details. Order details confirm recipients own crypto hardware, making them targets for robbery or extortion. This is Ledger's second major customer data exposure after the 2020 incident.
Timeline
January 2026
Ledger customer data exposed through breach at e-commerce partner Global-e
January 2026
Ledger confirms the incident and begins notifying affected customers
Impact and Risk Assessment
For Affected Individuals
Order details for cryptocurrency hardware wallets essentially confirm that recipients hold cryptocurrency, combined with their physical home addresses. This creates documented cases of physical robbery and extortion targeting crypto holders.
This is Ledger's second customer data exposure, compounding risk for customers who were also affected by the 2020 breach.
For Organisations
Ledger faces significant reputational damage from a second customer data exposure in five years, undermining trust in a company whose core product is security.
Global-e faces scrutiny over the security of its e-commerce fulfilment systems that handle data for security-sensitive products.
Regulatory Context
GDPR applies to Ledger as a French company. CCPA and other state laws apply for US customers. The recurring nature of data exposures may draw additional regulatory scrutiny.
What Should You Do?
If You Are a Potentially Affected Individual
If you have purchased a Ledger device, be aware that your physical address and purchase details may have been exposed. Exercise heightened physical security awareness.
Be extremely cautious of unsolicited communications claiming to be from Ledger. The company will never ask for your recovery phrase.
Consider using a PO box or business address for future cryptocurrency-related purchases.
If You Are a Security or Risk Professional
Organisations selling security-sensitive products should apply enhanced security requirements to their e-commerce supply chain, including fulfilment partners.
Consider whether order data for security products should be retained by fulfilment partners after shipping is complete, applying data minimisation principles.
Learnings and Recommendations
Order details for cryptocurrency hardware wallets essentially create a target list of crypto holders with known physical addresses. This data combination creates physical safety risks.
Ledger's second customer data exposure in five years highlights persistent challenges in securing e-commerce supply chains for products that signal ownership of high-value digital assets.
Sources
This advisory is provided for informational purposes by the Scrutex.ai research team. It is based on publicly available reporting from the sources cited above. Where details are unconfirmed or disputed, we have noted this accordingly. Scrutex.ai does not independently verify internal claims made by affected organisations. Organisations concerned about their own exposure are encouraged to conduct their own assessments and seek professional advice where needed.
Stay ahead of the next breach
Scrutex monitors dark web sources, breach databases, and threat actor activity continuously, detecting exposure that affects your organisation before it becomes a headline.