Have I Been Pwned: Addi Data Breach
Addi Data Breach
What Happened
In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cédula de Ciudadanía), estimated income, socioeconomic levels, purchases and other credit-related data points.
Compromised Data
Age groups
Credit scores
Device information
Email addresses
Government issued IDs
Income levels
IP addresses
Latitude and longitude pairs
Names
Phone numbers
Physical addresses
Purchases
Socioeconomic levels
Recommended Actions
Sponsored
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Try 1Password
Breach Overview
Affected Accounts:
34.5 million
Breach Occurred:
March 2026
Added to HIBP:
18 May 2026
Recommended Actions
Change Your Password
If you haven’t already changed the password affected by this breach, do so<br>immediately on every account where it was used.
Enable Two-Factor Authentication
Wherever 2FA is supported, add an extra layer of security to your account.
Sponsored
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Try 1Password