The Third and Fourth‑Party Wake‑Up Call of 2026
- Lindsay Timcke

- May 16
In early January 2026, Ledger, the globally recognized manufacturer of crypto hardware wallets, revealed that its third‑party payment processor, Global‑e, suffered a security incident exposing customer names and contact information for individuals who had purchased devices through Ledger.com. Global‑e is a major cross‑border e‑commerce platform powering checkout workflows for hundreds of global brands, making it a classic example of a high‑volume third‑party dependency with deep access.
This incident underscores a growing trend: attacks are shifting from primary targets to the third and even fourth parties that quietly handle data in the background. In this case, Ledger itself was not breached, but its customers were still impacted.
What the numbers show us:
1. 100% of affected data flowed through a single third‑party processor
2. Names + contact info were exposed: data that can seed phishing and account takeover attempts
3. This is part of a broader pattern: 63%+ of major January 2026 disclosures involved a third‑party or supply‑chain element, including CIRO (750,000 people impacted) and Brightspeed (1M+ customers at risk)
Third and Fourth‑Party Risks:
What happens when your vendor’s vendors introduce exposure? Global‑e relies on its own cloud providers, payment gateways, anti‑fraud systems, and infrastructure partners. Each link becomes a potential compromise point, a new attack vector. Most organizations never map fourth‑party relationships, yet attackers/hackers have learned that these indirect access paths offer:
1. Lower detection rate
2. Higher privileges than expected
3. Broader reach across multiple companies at once (why hack 1k companies when 1 company gives me access to 10k companies)
4. This is how a compromise of one service provider can ripple across dozens or hundreds of brands/companies simultaneously
5. Fourth‑party opacity: most companies cannot identify the underlying vendors handling their customers’ data
6. Data over‑retention: vendors often store more customer data than operationally necessary
What are your action items:
1. Demand SBOM (Software Bill of Materials) style vendor dependency maps identifying third and fourth-party connections
2. Enforce least privilege data sharing with vendors
3. Make continuous monitoring mandatory, not annual, and write it into your vendor contracts
4. Require vendors to maintain MFA, encryption, and breach‑notification SLAs aligned to your risk tolerance
The lesson: why would hackers hack 1,000 companies when they can get access to 10,000 by hacking 1?
