What happened
Customers of cryptocurrency hardware wallet provider Ledger were impacted by a data breach involving third-party e-commerce platform Global-e. The incident exposed customer information including names, phone numbers, and shipping details. Ledger confirmed that its internal systems and hardware wallets were not compromised, stating the breach occurred within Global-e’s environment. The exposed data could be used for phishing, impersonation attempts, or targeted social engineering campaigns against Ledger customers.
Who is affected
Ledger customers whose personal and shipping information was processed by Global-e face increased phishing and fraud risks.
Why CISOs should care
Third-party vendors can expose customer data even when core systems remain secure, expanding organizational risk beyond direct control.
3 practical actions
1. Reassess third-party risk: Review vendor security controls and contractual data-handling obligations.
2. Minimize shared data: Limit the amount of customer data provided to external service providers.
3. Alert customers: Proactively warn users about phishing and impersonation risks.