A prominent member of a hacking forum has taken credit for a cyberattack on the Australian fintech company youX, which may have impacted hundreds of thousands of people. The company confirmed the unauthorized access and is currently working with regulators to notify affected individuals whose personal and financial data was exposed.

The Australian financial technology provider youX recently disclosed a significant security breach after discovering that an unauthorized third party had gained access to its internal systems. In a formal update released on February 17, the company acknowledged that personal information was likely compromised and that a threat actor had already begun releasing stolen data. In response to the escalating situation, youX has maintained contact with the Office of the Australian Information Commissioner and pledged to fulfill its legal obligations by notifying all impacted parties as the investigation continues.

While the company assessment is ongoing, the hacker involved has made substantial claims regarding the scale of the theft, asserting that they exfiltrated the sensitive records of over 444,000 unique borrowers. The attacker alleges that the breach occurred because finance brokers trusted the platform with highly confidential client information, including income statements, debt records, and government identification. According to the threat actor, the vulnerability stemmed from an unsecured database cluster that remained exposed despite previous warnings from security researchers.

The specific data allegedly stolen includes a massive repository of financial and personal identifiers, such as hundreds of thousands of Australian driver's licenses and residential addresses. The hacker also claims to have seized records belonging to nearly 800 broker organizations, which contain sensitive business details like banking information and full customer portfolios. To prove the validity of the breach, a preview of the dataset was released containing billions of dollars worth of loan application records and thousands of employment histories.

Beyond the borrower data, the incident has also put industry professionals at risk, with reports indicating that over 8,000 password hashes belonging to broker employees were compromised. The hacker noted that a white hat researcher had identified the security flaw as early as March 2025, yet claimed the system remained accessible nearly a year later. The attacker has since entered an extortion phase, threatening to release further portions of the stolen database in stages over the next several weeks if their demands are not met.

Industry partners have started to react to the news, with Viking Asset Aggregation confirming that they are aware of the security failure at youX. The organization stated that they are working closely with the fintech platform to support stakeholders and manage inquiries as more information becomes available. This incident highlights a growing concern regarding the security of downstream lenders and the third-party technology providers that manage the sensitive financial pipelines for the Australian lending market.

Source: Aussie Fintech youX Confirms Data Breach As Hacker Leaks Massive Dataset