Russia’s System for Fast Payments (SBP)
September 24, 2025
•[ financial, ddos, finance ]
Ukraine's Defense Intelligence Directorate (GUR) conducted a large-scale distributed denial-of-service (DDoS) operation on September 24, 2025, targeting Russia's System for Fast Payments (SBP). The attack caused a full nationwide disruption of online payment services for several hours, halting financial transfers and transaction processing across Russian banks. TransTeleCom's supporting network infrastructure was also temporarily overloaded during the event.
Prosper
September 1, 2025
•[ hack, finance ]
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers. Prosper advised that they did not find any evidence of unauthorised access to customer accounts and funds, and that their customer-facing operations were uninterrupted. Further information about the incident is contained in Prosper's FAQs.
Wealthsimple
August 30, 2025
•[ hack, misconfiguration, finance ]
A third-party software component was compromised, leading to unauthorized access to sensitive data of a small subset of Wealthsimple clients. Accounts and funds remained secure. Incident was rapidly contained and clients notified.
Sinqia
August 29, 2025
•[ financial, hack, finance ]
On Aug 29, 2025, attackers used stolen vendor credentials to breach Sinqia's access to Brazil's Pix system, attempting $130M in fraudulent transfers. Immediate action halted operations; some funds recovered. No data breach occurred.
Welcome Financial Group
August 21, 2025
•[ ransomware, finance ]
ALPHV/BlackCat claimed responsibility for stealing 1.024 TB of files from Welcome Financial Group, alleging it contained customer data such as names, addresses, and account numbers. The firm countered that only internal documents like meeting records were taken, and that its savings bank unit and customer accounts were not compromised.
Lotte Card
August 14, 2025
•[ hack, leak, finance ]
A cyber breach in mid-August 2025 led to Lotte Card's internal systems being accessed and ~1.7 GB of files stolen. Authorities ordered consumer protection measures, including compensation procedures and fraud monitoring, while investigating whether sensitive customer data was impacted.
Canadian Investment Regulatory Organization (CIRO)
August 11, 2025
•[ hack, finance ]
Cybersecurity breach at CIRO confirmed Aug 11, 2025. Some personal data of member firms and their registered employees were compromised. CIRO continues core surveillance operations, is investigating impact, will notify affected individuals, and provide mitigation.
74-year-old Bank of America customer
August 10, 2025
•[ financial, hack, malware ]
$70,000 was drained from a 74-year-old customer's bank account after hackers infected his computer and added themselves as co-owner, temporarily locking him out; media pressure prompted reimbursement.
Multiple Crypto Users
August 9, 2025
•[ financial, hack, malware ]
Malicious updates to popular npm packages deployed credential/wallet-stealing malware impacting crypto/DeFi users; community advisories urged halting transactions and rotating secrets; maintainers removed tainted packages; early losses ~$900 to $1,043 total.
Undisclosed Bank in Asia-Pacific Region
August 1, 2025
•[ financial, malware, finance ]
A financially-motivated crew physically snuck a 4G-equipped Raspberry Pi into an Asia-Pacific bank's network, plugging it into the ATM network switch to get remote access past perimeter defenses. Their goal was to reach the ATM switching server and deploy a custom CAKETAP rootkit to approve fraudulent ATM withdrawals; responders interrupted the operation before cash-out.
TransUnion
July 28, 2025
•[ hack, misconfiguration, finance ]
Unauthorized access via third-party contractor application used in U.S. consumer support operations enabled viewing and copying of files.
CoinDCX
July 19, 2025
•[ financial, hack, finance ]
CoinDCX, India's largest crypto exchange, suffered a $44M breach in July 2025 after attackers compromised a backend server connected to a hot wallet. Withdrawals were suspended but later resumed with assurances user funds were safe. Attribution remains undetermined; some analysts suggest Lazarus Group, while Indian police arrested a local engineer tied to suspicious freelance work.
Carter Credit Union
June 25, 2025
•[ hack, finance ]
A cybercriminal infiltrated Carter Credit Union's network between June 25 and July 2, 2025, accessing files containing personal and medical information of approximately 68,934 individuals. Investigations are ongoing, notifications have been sent, and affected members were offered credit monitoring services. Law firms are reviewing legal claims.
Union Home Mortgage Corp.
June 25, 2025
•[ hack, finance ]
Union Home Mortgage Corp. experienced unauthorized access to internal servers, exposing personal and identification data of roughly 24,000 customers. No encryption or ransomware activity was reported.
Viva Health Insurance
June 14, 2025
•[ leak, misconfiguration, healthcare ]
Viva Health, an Alabama-based health insurance company headquartered in Birmingham, experienced exposure of a web-accessible file from June 14 to August 27, 2025. The file contained limited PHI for about 4,945 members and was removed upon discovery. No misuse or encryption was reported.
Farmers Insurance (via third-party vendor)
May 29, 2025
•[ social, phishing, finance ]
Over 1.1 million customers were impacted by a breach at a Salesforce-linked vendor. Exfiltration involved social engineering/vishing and malicious OAuth apps, with ShinyHunters and Scattered Spider providing access and exfiltration. Two years of identity protection were offered.
Unnamed U.S. Banking Organization
May 9, 2025
•[ social, misconfiguration, finance ]
ReliaQuest links Scattered Spider to renewed activity against U.S. financial services, including a bank intrusion achieved via social engineering + Azure AD SSPR, followed by lateral movement (Citrix/VPN), ESXi compromise, and cloud data access attempts (Snowflake/AWS).
Baltimore Archdiocese (via Stinson LLP & BRG)
February 1, 2025
•[ leak, finance ]
Protected survivor data was exposed from law firm (Stinson LLP) and financial advisor (BRG) systems supporting Archdiocese bankruptcy cases.
Let's Secure Insurance Brokers
January 27, 2025
•[ ransomware, finance ]
Let's Secure Insurance Brokers is hit with a ransomware attack.
Individual
January 27, 2025
•[ social, phishing, finance ]
Police began investigating when a 90-year-old man told authorities he gave $49,900 to a courier purportedly acting on behalf of PayPal. The victim was deceived via a fake PayPal email and link leading to remote access of his computer and password theft.