23,685 records: claimed leak at ATOA
A threat actor put a database from ATOA — a French real-estate tokenization and fractional-investment fintech — up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.
- Victim
- ATOA
- records
- 23.7K
On 21 May 2026, ATOA — a French fintech operating a real-estate tokenization and fractional-investment platform (atoa.io), which lets retail investors buy fractions of property projects in France and Spain in euros or crypto — was hit by a claimed data leak after a threat actor advertised a copy of its database for sale on a dark web cybercrime forum.
The exact intrusion vector has not been publicly confirmed. The actor offered what was described as a production database dump alongside an identity-validation archive, the contents of which point to compromised customer, financial and compliance data rather than a simple service disruption.
The exposed data is reported to include:
- Roughly 23,685 tabular records covering user profiles (names, emails, phone numbers, postal addresses, dates of birth, nationalities, tax identifiers)
- Financial details: IBANs, crypto wallet addresses and balances, transaction histories, invested capital, interest and tax categorization
- Around 10,000 transaction rows referencing MangoPay payment infrastructure
- 326 full KYC archives containing passports, national ID cards, RIB/IBAN banking certificates, Kbis corporate filings and proof-of-address documents
Because the dataset combines verified identity documents with banking data, it carries a high risk of identity theft and financial fraud for affected users. The breach was surfaced on underground forums around 22 May 2026; ATOA's containment and notification response had not been publicly documented at the time of reporting, so the status remains unknown.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-05-22-atoa
- cyberattaque.orghttps://www.cyberattaque.org/atoa-io-les-documents-kyc-pieces-didentite-et-donnees-bancaires-exposes-apres-une-fuite-massive/
- brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-web3-sector-alert-326-kyc-document-archives-financial-transaction-sheets-auctioned-atoa-real-estate-tokenization-platform/
- hendryadrian.comhttps://www.hendryadrian.com/atoa-allegedly-exposed-23685-fintech-records-and-326-kyc-document-archives/