verified2026-03-25

AddiAddi breach

addi.com · 34,532,941 records compromised

Records
34.53M
Breach date
2026-03-25
Domain
addi.com
Data classes
13

Description

In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cédula de Ciudadanía), estimated income, socioeconomic levels, purchases and other credit-related data points.

Compromised data classes· 13

Age groupsCredit scoresDevice informationEmail addressesGovernment issued IDsIncome levelsIP addressesLatitude and longitude pairsNamesPhone numbersPhysical addressesPurchasesSocioeconomic levels

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Breach
Abrigo
Breach
Adecco
Breach
Woflow
Breach
Udemy
Breach
ADT
Breach
Adpost
Sourced from Have I Been Pwned. Aggregate metadata only — no PII. Curated by Adam Lundqvist, Founder at SQUR.