Cryptocurrency wallet provider Ledger disclosed a data breach connected to its third-party payment processor Global-e, affecting customer names and contact information. The breach occurred at Global-e's systems, with unauthorized access to order data including information pertaining to customers who made purchases on Ledger.com using Global-e as Merchant of Record.
Ledger stressed that this was not a breach of their platform, hardware, or software systems, which remain secure. As Ledger products are self-custodial, Global-e does not have access to users' 24-word recovery phrases, blockchain balances, or any secrets related to digital assets. This incident follows a pattern of cybersecurity attacks targeting third-party vendors to gain access to their actual targets, with 38% of invoice fraud cases and 43% of phishing attacks stemming from compromised vendors according to recent research.
