Overview
- Global‑e detected unusual activity in its cloud order systems, contained the incident, and began notifying affected shoppers on January 5.
- Exposed information includes names, addresses, emails, phone numbers, and order details, while payment data, recovery phrases, private keys, and crypto balances were not accessed.
- Ledger says its hardware, software, and platform were not breached, and notes that Global‑e acted as merchant of record and data controller for the impacted transactions.
- Global‑e’s system held order data for multiple retailers beyond Ledger, and neither company has disclosed how many customers were affected.
- Blockchain investigator ZachXBT first surfaced the customer notification emails publicly, and users are being urged to treat unsolicited messages with caution and never share their 24‑word seed phrase.