Ledger Suffers Data Exposure Through Payment Partner Global-e
Hardware wallet provider Ledger is once again facing scrutiny following a data exposure incident linked to its third-party payment processor, Global-e. The breach, which involved unauthorized access to customer names and contact information, highlights ongoing security challenges within the cryptocurrency ecosystem.
Key Takeaways
- Ledger's payment processor, Global-e, experienced a data breach.
- Customer names and contact details were accessed.
- Ledger emphasizes its own systems remain secure and unaffected.
- This incident follows previous data breaches involving Ledger.
Details of the Breach
Global-e, a payment processor used by Ledger and many other global brands, detected unusual activity within its cloud system. Following an investigation, the company confirmed that unauthorized parties had gained access to order data, which included personal details of Ledger customers who had made purchases through the platform. The exact number of affected customers and the timeframe of the exploit have not been disclosed.
Ledger's Response and Security Assurance
In response to the incident, Ledger clarified that the breach occurred within Global-e's infrastructure and not on Ledger's own platforms, hardware, or software. The company stressed that its core systems, including the security of users' private keys and digital assets, remain intact. Ledger stated that Global-e, acting as the Merchant of Record, is responsible for customer notifications as the data controller. Ledger is collaborating with Global-e to ensure affected users receive relevant information.
Previous Security Incidents
This latest data exposure is not the first time Ledger has been associated with a security incident. In 2020, a significant breach through its e-commerce partner Shopify exposed the data of approximately 270,000 customers. More recently, in 2023, Ledger was involved in an incident where nearly $500,000 was compromised, affecting several decentralized finance applications.
Industry-Wide Challenges
Ledger acknowledged the persistent threats faced by the cryptocurrency industry, stating its commitment to combating malicious actors who attempt to steal user information. The incident underscores the broader challenge of maintaining robust security across complex supply chains involving multiple third-party vendors.