A recent data breach at Global-e, a third-party payment processor used by Ledger, exposed customer names and contact information. According to reports, the breach did not compromise payment cards, passwords, or recovery phrases. However, the exposed data, including names, postal addresses, emails, phone numbers, and order details, could be used for phishing attacks or, in rare cases, home invasions. This "commerce-stack breach" provided attackers with a contact list of confirmed hardware wallet owners. A similar incident occurred in June 2020, where a misconfigured API key exposed a million email addresses and 272,000 records with full names and addresses. These data leaks can lead to scams, fake breach notices, and even physical threats.

A recent data breach at Global-e, a third-party payment processor used by Ledger, exposed customer names and contact information. According to reports, the breach did not compromise payment cards, passwords, or recovery phrases. However, the exposed data, including names, postal addresses, emails, phone numbers, and order details, could be used for phishing attacks or, in rare cases, home invasions. This "commerce-stack breach" provided attackers with a contact list of confirmed hardware wallet owners. A similar incident occurred in June 2020, where a misconfigured API key exposed a million email addresses and 272,000 records with full names and addresses. These data leaks can lead to scams, fake breach notices, and even physical threats.