Incidents in sector:

Finance

Data breachUnknownApril 23, 2026

Wazari: customer data leaked after the Assuréa cyberattack

Insurance broker Wazari is informing its customers of a security incident linked to an external attack that affected a management and storage tool

Victim: Wazari

Data breachUnknownApril 15, 2026

Assuréa: leak of 150 GB of data (140k leads and 11k contracts)

The hacker Dumpsec claims to hold, after a cyberattack, a massive database from Assuréa, an insurance broker owned by the Meilleurtaux group.

Victim: Assuréa

Data breachUnknownApril 2, 2026

Maxance: 348,000 people publicly exposed, French state employees among those affected

Insurance broker Maxance is hit by a data leak now publicly disseminated, affecting more than 348,000 people. Among the

Victim: Maxance

Data breachUnknownMarch 4, 2026

1,462,485 beneficiaries affected by the Banque Alimentaire data leak

Beneficiaries of the Banques Alimentaires network are affected by a confirmed leak involving nearly 1.46 million people. The file reportedly covers the 2012-2026 period and contains…

Victim: Banque Alimentaire

OtherUnknownJanuary 24, 2026

Leak at Panorama Banques

2,340,422 customers Last name, first name Nationality Postal address Email address Phone number Marital status Income, current loans, rent Bank Account opening date Owner/tenant status Profession, type of employment contract

Victim: Panorama Banques

Data breachUnknownJanuary 10, 2026

2,340,422 Panorabanques.com customers affected by a data leak

Panorabanques.com customers are affected by a confirmed leak affecting around 2.34 million people. The financial comparator, used by individuals to compare offers…

Victim: Panorabanques.com (2025)
Records: 2.3M

Social engineeringContainedJune 30, 2025

C&M Software Pix heist (Brazil, 2025)

A junior developer at C&M Software — a Central Bank-authorized provider of Pix instant-payment connectivity — was paid roughly R$5,000 to hand over credentials. Attackers used the access to drain approximately R$800 million ($148 million) from reserve accounts at six Brazilian financial institutions in 2.5 hours.

Victim: C&M Software (Pix payment infrastructure provider)
Loss: $148.0M

OtherUnknownApril 15, 2025

Leak at Hertz

name contact details date of birth driver's license credit card passport

Victim: Hertz

OtherUnknownMarch 20, 2025

Leak at Intersport

3.4 million transaction number invoice number PayPal reference number transaction code start date / end date of the transaction debited or credited transaction gross amount of the transaction payer account number buyer's username delivery and billing address user ID first and last name, payment source loyalty card number

Victim: Intersport

Supply chainstolenFebruary 21, 2025

Bybit cold wallet heist

Lazarus operators substituted the implementation contract during a routine Safe multisig transaction, draining ~$1.5 billion in ETH and staked-ETH derivatives from Bybit's Ethereum cold wallet — the largest single cryptocurrency theft in history.

Victim: Bybit
Loss: $1.50B

OtherUnknownNovember 23, 2024

Leak at Banque de France

employee identities, position, salary; customer identities, bank accounts, webmail history; strategic documents, financial reports

Victim: Banque de France

Data breachContainedAugust 13, 2024

Star Health insurance breach and senior-official extortion (India, 2024)

A hacker using the alias xenZen exposed personal and medical data on 31.2 million Star Health customers via Telegram bots, alongside 5.76 million claims records. The leak escalated into a public extortion drama implicating a senior Star Health official.

Victim: Star Health and Allied Insurance
Loss: $30.0M
Records: 31.2M

Credential stuffingContainedMay 30, 2024

Snowflake customer-account credential-stuffing campaign (UNC5537, 2024)

A threat cluster tracked as UNC5537 / ShinyHunters used credentials harvested by infostealer malware to log into ~160 Snowflake customer tenants that lacked MFA. Victims included AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. Ticketmaster alone exposed data for ~560 million users.

Victim: Snowflake customer tenants (~160 organisations: AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, Bausch Health, et al.)
Records: 560.0M

RansomwareRansom paidFebruary 21, 2024

Change Healthcare ransomware (ALPHV/BlackCat)

ALPHV/BlackCat compromised Change Healthcare via Citrix portal lacking MFA, paralyzed U.S. prescription claims for weeks, and exfiltrated data on an estimated 100 million people.

Victim: Change Healthcare (UnitedHealth Group)
Loss: $2.87B
Records: 100.0M

RansomwareContainedNovember 9, 2023

ICBC Financial Services LockBit ransomware (2023)

LockBit ransomware disrupted the U.S. broker-dealer arm of the world's largest bank, ICBC, jamming settlement of over $9 billion in U.S. Treasury trades. Bank staff sent critical settlement details by USB stick via a messenger across Manhattan. $62 billion of Treasuries failed to deliver in one day.

Victim: ICBC Financial Services (U.S. broker-dealer of Industrial and Commercial Bank of China)
Loss: $9.00B

Zero-dayResolvedMay 31, 2023

MOVEit Transfer mass exploitation (Cl0p)

Cl0p exploited CVE-2023-34362 in Progress Software's MOVEit Transfer to mass-extort over 2,700 organizations, including the BBC, British Airways, and the U.S. Department of Energy.

Victim: Progress Software MOVEit Transfer (2,700+ downstream)
Loss: $12.15B
Records: 95.0M

Data breachContainedMarch 16, 2023

Latitude Financial Services data breach

Australian consumer-credit lender Latitude Financial disclosed that attackers had exfiltrated 14 million records — including 7.9 million driver's licence numbers and 53,000 passport numbers — via credentials stolen from a service provider.

Victim: Latitude Financial Services
Loss: $50.0M
Records: 14.0M

RansomwareContainedOctober 13, 2022

Medibank ransomware (REvil-affiliated)

Russian-speaking attackers exfiltrated full health-claim records on 9.7 million current and former Medibank customers, then released them in tranches on the dark web after the Australian insurer refused to pay.

Victim: Medibank Private
Loss: $250.0M
Records: 9.7M

private-keypartially-recoveredMarch 23, 2022

Ronin Bridge heist

Lazarus operators compromised five of nine Ronin validator nodes and forged withdrawal signatures, draining 173,600 ETH and 25.5 million USDC (~$625M) — the largest cryptocurrency theft on record at the time.

Victim: Sky Mavis / Axie Infinity / Ronin Network
Loss: $625.0M

Supply chainContainedDecember 13, 2020

SolarWinds SUNBURST supply-chain compromise (Cozy Bear)

Russian SVR operators trojanized SolarWinds Orion build infrastructure, distributing a backdoored update to 18,000 customers including the U.S. Treasury, Commerce, DHS, State, and Energy departments. The defining state cyberespionage operation of the decade.

Victim: SolarWinds (Orion customers — ~18,000 organisations including 9 U.S. federal agencies and Microsoft, FireEye, Mimecast)
Loss: $100.00B

RansomwareRansom paidDecember 31, 2019

Travelex Sodinokibi ransomware and collapse (2019–2020)

REvil/Sodinokibi operators detonated against Travelex on New Year's Eve 2019 after dwelling in the network for six months via an unpatched Pulse Secure VPN. Travelex paid $2.3 million; parent Finablr failed; PwC put Travelex into administration with the loss of over 1,300 jobs.

Victim: Travelex
Loss: $2.3M

Vulnerability exploitResolvedJuly 29, 2019

Capital One cloud misconfiguration breach

Former AWS engineer Paige Thompson exploited a misconfigured Web Application Firewall to extract personal data on roughly 106 million Capital One credit-card applicants and customers from S3.

Victim: Capital One Financial Corporation
Loss: $270.0M
Records: 106.0M

Insider threatResolvedJune 20, 2019

Desjardins insider data breach

An insider at Desjardins — the largest financial cooperative in Canada — exfiltrated personal data on 9.7 million members and businesses over two years before being caught. The defining Canadian insider-threat case.

Victim: Desjardins Group
Loss: $100.0M
Records: 9.7M

private-keystolenJanuary 26, 2018

Coincheck NEM heist

Tokyo-based cryptocurrency exchange Coincheck lost 523 million NEM tokens (~$530M at the time) from a hot wallet that had no multi-signature protection. The largest single crypto-exchange theft at the time — later attributed to North Korea's Lazarus Group.

Victim: Coincheck Inc.
Loss: $530.0M

Vulnerability exploitResolvedSeptember 7, 2017

Equifax data breach

An unpatched Apache Struts vulnerability let attackers exfiltrate Social Security numbers, dates of birth, addresses, and driver's license numbers for 147 million U.S., U.K., and Canadian consumers.

Victim: Equifax
Loss: $1.38B
Records: 147.9M

WiperResolvedJune 27, 2017

NotPetya destructive wiper

A destructive wiper disguised as ransomware, propagated via a compromised Ukrainian accounting software update. Estimated $10 billion in global damage — the most economically destructive cyberattack in history.

Victim: M.E.Doc users (Maersk, Merck, FedEx-TNT, Mondelez, Saint-Gobain et al.)
Loss: $10.00B

EspionagestolenFebruary 4, 2016

Bangladesh Bank SWIFT heist

Lazarus operators sent fraudulent SWIFT instructions through the New York Fed to wire $951 million out of Bangladesh Bank's reserve account. A typo on one transfer stopped $850M; $81M still escaped to Philippine casinos.

Victim: Bangladesh Bank
Loss: $81.0M

EspionageResolvedFebruary 4, 2015

Anthem Inc. data breach

Chinese state-attributed actors exfiltrated personal data on 78.8 million current and former Anthem health insurance customers — at the time the largest healthcare-sector breach in U.S. history.

Victim: Anthem Inc.
Loss: $260.0M
Records: 78.8M