All breaches
Addi data breach34.5M accounts compromised on 2026-03-25
Verified
Addi (addi.com) was the source of a data breach dated 2026-03-25, exposing 34,532,941 accounts. The details below are mirrored from Have I Been Pwned and reflect the source's account of the incident at the time of publication.
Incident Report
| Target Organization | Addi |
|---|---|
| Source Name | ADDI |
| Domain | addi.com |
| Breach Date | 2026-03-25 |
| Added to HIBP | 2026-05-18 |
| Last Modified | 2026-05-18 |
| Accounts Compromised | 34,532,941(34.5M) |
| Data Exposed | Age groupsCredit scoresDevice informationEmail addressesGovernment issued IDsIncome levelsIP addressesLatitude and longitude pairsNamesPhone numbersPhysical addressesPurchasesSocioeconomic levels |
| Status | Verified by HIBP |
Description
In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cédula de Ciudadanía), estimated income, socioeconomic levels, purchases and other credit-related data points.
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.