The ledger isn't really safe from the recent articles surfacing about the company which had a major data breach back in July of this year. Yet they hadn't done much to secure their devices nor protect their customers.
Could these email addresses that had been published to a subsequent forum be used to get those ledger users to click on link so whenever they connect their ledger to their pc to upgrade or whatever they want to do with it, it copies an address which is the hackers deposit address instead?
Who knows but that's what it sounds like happened to your crypto located on this so called secure wallet according to ledger.