According to the service, due to an incorrect modification of the program code, personal information of clients could remain available to outsiders for almost six months.
The failure covered the period from July 1 to December 13, 2025 and was detected on December 12, Anti-malware writes. During this time, some of the data was potentially open to unauthorized users. We are talking about sensitive information: names, e-mail addresses, phone numbers, company addresses, birth dates and social security numbers.
The company said that after the problem was discovered, the vulnerable code was promptly removed, and possible external access to the data was blocked the next day. It is also emphasized that the publication of notifications was not delayed at the request of law enforcement agencies.
In addition to information disclosure, the incident affected financial transactions: a small proportion of customers had unauthorized transactions directly related to the leak. According to the service’s statement, all those affected received compensation and refunds.
As an additional measure of support, users are offered two years of free credit history monitoring and identity restoration services through Equifax, covering three credit bureaus. You can join the program until June 30, 2026.
The company recommends that customers regularly check credit reports and account activity, and reminds customers that it never asks for passwords, one-time confirmation codes or other authentication information via phone, email or text message.
The exact number of affected users has not yet been disclosed. It is known that all potentially affected accounts have had their passwords forcibly reset – the next time they log in, the system will require them to create new credentials.
