// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
Breach Record

Addi

DISCLOSED 2026-03-25 · STOLEN CREDS · 34,532,941 RECORDS EXPOSED

In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included...

The record

What we know

Disclosed
2026-03-25
Attack vector
Stolen Creds
Records exposed
34,532,941
Domain
addi.com
Data classes exposed
Age groupsCredit scoresDevice informationEmail addressesGovernment issued IDsIncome levelsIP addressesLatitude and longitude pairsNamesPhone numbersPhysical addressesPurchasesSocioeconomic levels
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Addi disclosure. It updates if new public reporting emerges. All tracked breaches →

Addi just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →