SEE MATPROOF ON YOUR STACK — BOOK A 30-MINUTE DEMO
BREACHhibp25 Mar 2026

Breach: Addi (34,532,941 accounts) — Age groups, Credit scores, Device information

BREACH. Sourced from hibp, summarised by Matproof.

AI Analysis

What changed and what to do.

On March 25, 2026, a data breach affecting Addi, a fintech platform, was published on Have I Been Pwned, exposing 34,532,941 accounts. The compromised data includes age groups, credit scores, and device information. This incident falls under the BREACH framework, indicating a confirmed and verified breach of personal data.

This breach primarily impacts financial services and fintech organizations, particularly those operating in consumer lending or digital credit assessment. Any entity that relies on similar data categories—such as age demographics, credit scoring, or device fingerprinting—should consider this a material risk indicator. The scale of the breach suggests that affected individuals may now face increased exposure to identity theft, targeted phishing, or credit fraud.

Compliance teams should immediately verify whether their organization has any data-sharing or service relationships with Addi. If so, conduct a Data Protection Impact Assessment and notify relevant supervisory authorities under GDPR Article 33 within 72 hours if there is a risk to data subjects. Additionally, review incident response plans for handling large-scale breaches, and consider updating customer communication templates to address potential phishing campaigns leveraging the exposed data. Finally, reassess third-party vendor risk management processes to ensure similar exposures are mitigated in future.

This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.

More BREACH updates

Latest in BREACH.

ransomwarelive3 Jul 2026
Ransomware: qilin claims Md Lewis (US) — Not Found

A new ransomware incident has been published on the ransomware.live leak site, attributed to the Qilin group, targeting Md Lewis, a US-based entity. The breach notification, dated July 3, 2026,…

ransomwarelive3 Jul 2026
Ransomware: qilin claims Sitmatic (DE) — Technology

On 3 July 2026, a ransomware group known as Qilin publicly claimed responsibility for a cyberattack against Sitmatic, a German technology firm. The incident was published on the ransomware group’s…

Live regulatory monitoring

Never miss a compliance update.

Get weekly digests of DORA, NIS2, GDPR, MaRisk, and ISO 27001 changes — straight to your inbox. Free.

No spam. Weekly digest only. Unsubscribe anytime.

DORANIS2GDPRMaRiskISO 27001

Map this to your controls

Connect regulatory changes to your compliance work.

Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.