Ledger, the well-known manufacturer of cryptocurrency hardware wallets, is currently addressing a data exposure incident stemming from a breach at Global-e, its third-party payment processor. The company is reassuring users that despite the incident, their crypto wallets and private keys remain secure.

Global-e, which partners with Ledger to streamline online purchases by offering options like local currency payments, detected unusual activity within its cloud systems. An investigation confirmed that unauthorized access led to the compromise of some customer data, specifically names and contact information.

Ledger has emphasized that the breach did not originate within its own systems. The company maintains that its hardware wallets, software, and platforms remain secure, and that Global-e does not have access to sensitive information like recovery phrases, wallet balances, or other data related to digital assets.

The incident is a stark reminder of a similar data breach Ledger experienced in 2020, where information of approximately 270,000 customers was exposed through its e-commerce partner, Shopify. Following that breach, users were targeted by phishing attacks.

In light of the recent Global-e incident, security specialists are advising Ledger customers to be vigilant against potential phishing attempts. They recommend caution regarding unsolicited communications, such as emails or text messages referencing Ledger, and urge users to avoid clicking on any links or sharing their recovery phrases under any circumstances. Verifying the source of any requests for sensitive information is crucial to prevent falling victim to scams.

Global-e has stated that it is working with forensic experts to investigate the breach and contain the damage. The company has not yet disclosed the exact number of users affected or the specific timeline of the unauthorized access.

Ledger has been collaborating with Global-e throughout the response process. The company is also advising users to consider using Clear Signing transactions where possible and utilizing Transaction Check when submitting transactions on the blockchain.

This incident highlights the cybersecurity risks associated with third-party vendors in the e-commerce space. While payment card information and banking details were reportedly not exposed, the breach of customer names and contact details can be exploited by malicious actors for targeted phishing campaigns. Ledger is working to inform affected users and reinforce security measures to protect its customer base.