Addi Breach Details
Domain: addi.com
Breach Date: 25 March 2026
In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cédula de Ciudadanía), estimated income, socioeconomic levels, purchases and other credit-related data points.
Breached Data:
• Age groups
• Credit scores
• Device information
• Email addresses
• Government issued IDs
• Income levels
• IP addresses
• Latitude and longitude pairs
• Names
• Phone numbers
• Physical addresses
• Purchases
• Socioeconomic levels
Check Email Address
Breach Date: 25 March 2026
In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cédula de Ciudadanía), estimated income, socioeconomic levels, purchases and other credit-related data points.
Breached Data:
• Age groups
• Credit scores
• Device information
• Email addresses
• Government issued IDs
• Income levels
• IP addresses
• Latitude and longitude pairs
• Names
• Phone numbers
• Physical addresses
• Purchases
• Socioeconomic levels
Check Email Address
