Skip to content
Data breachContained

13,000 Be-bunk customers affected by a data leak

On 3 March 2026, Be-bunk, a fintech payment provider serving French overseas territories, confirmed a data breach affecting around 13,000 customers, with an actor claiming a 75-million-line database including IBANs, balances and identity data.

Victim
Be-bunk
records
13.0K

On 3 March 2026, Be-bunk β€” a fintech payment provider offering French IBANs, Visa cards and a mobile app to customers across New Caledonia, Wallis and Futuna and French Polynesia β€” confirmed a data breach affecting roughly 13,000 of its customers. A threat actor using the alias "Spirigatito" claimed responsibility, advertised a database of some 75,358,343 lines (around 200 GB) for sale, and circulated a sample to substantiate the claim.

Be-bunk attributed the incident to a security flaw that it said was "quickly identified and corrected," and stated that technical measures had been taken to secure its systems against further intrusion. The company filed a complaint with authorities in New Caledonia.

The data implicated in the actor's listing covered sensitive financial and personal records, including:

  • Names, first names, email addresses and phone numbers
  • IBAN account numbers, account balances and fee data
  • KYC verification status and politically exposed person (PEP) flags
  • Account creation dates, products held and notification tokens

Be-bunk warned customers to be alert to sophisticated phishing attempts, stressing that it would never request account passwords or solicit users via social media, and published dedicated contact numbers for each affected territory. Of the roughly 13,000 customers concerned, a maximum of about 538 were in French Polynesia. The breach is considered contained following remediation, though stolen data was already in circulation at the time of disclosure.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-03-03-be-bunk
  2. frenchbreaches.comhttps://frenchbreaches.com/blog/fuite-massive-chez-be-bunk-75-millions-de-lignes-de-donnees-financieres-revendiquees
  3. tntvnews.pfhttps://www.tntvnews.pf/polynesie/economie/fuite-de-donnees-financieres-chez-be-bunk-la-fintech-appelle-ses-clients-a-la-vigilance/

Related incidents

Data breachUnknown

23,685 records: claimed leak at ATOA

A threat actor put a database from ATOA β€” a French real-estate tokenization and fractional-investment fintech β€” up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.

Victim
ATOA
Records
23.7K