A recent data breach at Global-e, a third-party payment processor used by Ledger, has exposed customer information, including names, contact details, and addresses. According to reports, while no payment cards, passwords, or recovery phrases were compromised, the leaked data poses risks. The information can be used for targeted phishing attacks and, in rare cases, physical threats. This "commerce-stack breach" did not affect cryptographic keys or device security but provided attackers with valuable user data. A previous breach in 2020 led to similar scams, including fake breach notices and extortion attempts. The persistence of leaked PII means users remain vulnerable to ongoing threats, such as tampered devices and fraudulent communications.

A recent data breach at Global-e, a third-party payment processor used by Ledger, has exposed customer information, including names, contact details, and addresses. According to reports, while no payment cards, passwords, or recovery phrases were compromised, the leaked data poses risks. The information can be used for targeted phishing attacks and, in rare cases, physical threats. This "commerce-stack breach" did not affect cryptographic keys or device security but provided attackers with valuable user data. A previous breach in 2020 led to similar scams, including fake breach notices and extortion attempts. The persistence of leaked PII means users remain vulnerable to ongoing threats, such as tampered devices and fraudulent communications.