On 3 July 2026, a ransomware group known as Qilin publicly claimed responsibility for a cyberattack against TQ Financial Services, a financial sector entity. The claim was published on the…
Breach: Addi (34,532,941 accounts) — Age groups, Credit scores, Device information
BREACH. Sourced from hibp, summarised by Matproof.
AI Analysis
What changed and what to do.
On March 25, 2026, a data breach affecting Addi, a fintech platform, was published on Have I Been Pwned, exposing 34,532,941 accounts. The compromised data includes age groups, credit scores, and device information. This incident falls under the BREACH framework, indicating a confirmed and verified breach of personal data.
This breach primarily impacts financial services and fintech organizations, particularly those operating in consumer lending or digital credit assessment. Any entity that relies on similar data categories—such as age demographics, credit scoring, or device fingerprinting—should consider this a material risk indicator. The scale of the breach suggests that affected individuals may now face increased exposure to identity theft, targeted phishing, or credit fraud.
Compliance teams should immediately verify whether their organization has any data-sharing or service relationships with Addi. If so, conduct a Data Protection Impact Assessment and notify relevant supervisory authorities under GDPR Article 33 within 72 hours if there is a risk to data subjects. Additionally, review incident response plans for handling large-scale breaches, and consider updating customer communication templates to address potential phishing campaigns leveraging the exposed data. Finally, reassess third-party vendor risk management processes to ensure similar exposures are mitigated in future.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.
More BREACH updates
Latest in BREACH.
A new ransomware incident has been published on the ransomware.live leak site, attributed to the Qilin group, targeting Md Lewis, a US-based entity. The breach notification, dated July 3, 2026,…
A new ransomware incident has been publicly claimed by the Qilin group, targeting Goodwill Manasota, a US-based consumer services organization. The claim was published on the ransomware.live leak…
On 3 July 2026, a ransomware group known as Qilin publicly claimed responsibility for a cyberattack against Sitmatic, a German technology firm. The incident was published on the ransomware group’s…
Map this to your controls
Connect regulatory changes to your compliance work.
Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.