## Ledger Encounters Data Leak Issue via Payment Provider

Recently, Ledger announced to users that their personal information had been accessed unlawfully through Global-e, a third-party payment processor. This incident has once again raised concerns about data security in the hardware wallet industry.

### System Vulnerability Detected and Rapid Response

Global-e identified unusual activity within its cloud infrastructure. They quickly locked down the entire system and contacted independent legal experts to conduct an investigation. According to reports, the compromised data included customer names and personal contact information. However, Ledger has kept details about the scope of the incident and how the attack occurred confidential.

### The Danger of Personal Information

Although private keys, seed phrases, and users' crypto assets remain secure, the exposure of names and contact information creates another serious threat: phishing attacks. Personal information can be used to persuade users to reveal additional sensitive data or to deliver malicious code.

This is not the first time Ledger has faced a similar issue. In June 2020, a third-party API flaw allowed hackers to access the company's database. That incident exposed approximately 9,500 customer records, including emails, addresses, phone numbers, and names. Subsequently, phishing attackers exploited this information to target dApps like SushiSwap and Zapper, stealing between $484,000 and $600,000 USD in crypto within a few hours.

### Dependence on Third-Party Providers

Ledger relies on external service providers like Global-e to handle payments and manage customer lists. Every new partnership introduces additional risks. This supply chain creates potential security vulnerabilities despite protective measures in place.

### Community Warnings

ZachXBT, a well-known blockchain analyst, previously posted about this incident on X (, formerly Twitter). He warned the community that "no hardware wallet company is completely trustworthy." His recommendation is to use fake information or virtual emails when shopping to minimize the risk of linking personal data with actual crypto assets. What is transformation? In security context, it refers to the ability to convert or conceal identity to protect privacy.

### Lessons from the Incident

The data leak from Global-e serves as a reminder that the security of a hardware wallet is only part of the story. While crypto keys are well protected, users' personal information can still become targets for attackers. In this environment, vigilance and additional protective measures are essential to ensure safety in an increasingly complex crypto world.