Skip to content
Data breachUnknown

23,685 records: claimed leak at ATOA

A threat actor put a database from ATOA — a French real-estate tokenization and fractional-investment fintech — up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.

Victim
ATOA
records
23.7K

On 21 May 2026, ATOA — a French fintech operating a real-estate tokenization and fractional-investment platform (atoa.io), which lets retail investors buy fractions of property projects in France and Spain in euros or crypto — was hit by a claimed data leak after a threat actor advertised a copy of its database for sale on a dark web cybercrime forum.

The exact intrusion vector has not been publicly confirmed. The actor offered what was described as a production database dump alongside an identity-validation archive, the contents of which point to compromised customer, financial and compliance data rather than a simple service disruption.

The exposed data is reported to include:

  • Roughly 23,685 tabular records covering user profiles (names, emails, phone numbers, postal addresses, dates of birth, nationalities, tax identifiers)
  • Financial details: IBANs, crypto wallet addresses and balances, transaction histories, invested capital, interest and tax categorization
  • Around 10,000 transaction rows referencing MangoPay payment infrastructure
  • 326 full KYC archives containing passports, national ID cards, RIB/IBAN banking certificates, Kbis corporate filings and proof-of-address documents

Because the dataset combines verified identity documents with banking data, it carries a high risk of identity theft and financial fraud for affected users. The breach was surfaced on underground forums around 22 May 2026; ATOA's containment and notification response had not been publicly documented at the time of reporting, so the status remains unknown.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-05-22-atoa
  2. cyberattaque.orghttps://www.cyberattaque.org/atoa-io-les-documents-kyc-pieces-didentite-et-donnees-bancaires-exposes-apres-une-fuite-massive/
  3. brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-web3-sector-alert-326-kyc-document-archives-financial-transaction-sheets-auctioned-atoa-real-estate-tokenization-platform/
  4. hendryadrian.comhttps://www.hendryadrian.com/atoa-allegedly-exposed-23685-fintech-records-and-326-kyc-document-archives/

Related incidents