
youX confirms data breach after hacker publishes sample of stolen loan application records

Australian financial technology platform youX confirmed this week that it experienced unauthorized access to its systems after a hacker published a sample of what is described as a massive dataset containing personal and financial information tied to hundreds of thousands of loan applications.



The breach came to light after a member of a well-known hacking forum claimed responsibility for compromising 141 gigabytes of data from a MongoDB Atlas cluster. The hacker alleged the database contained information connected to more than 600,000 loan applications submitted through nearly 100 lenders.


youX, a fintech platform that provides technology services to finance brokers and lenders, said on Feb. 17 that it had identified unauthorized access by a third party and launched an investigation. The company acknowledged that a threat actor had released data it claims to have obtained during the intrusion and stated that personal information may have been compromised.


The company said it has kept the Office of the Australian Information Commissioner informed in line with its legal obligations and will continue filing required regulatory notifications as the situation evolves. youX also said it plans to notify affected individuals whose information may have been exposed.


The hacker asserted that the breach involved personal and financial records of 444,538 unique borrowers, including income details, debt information, government identification documents and residential addresses. The claims also reference data tied to 629,597 loan applications and copies of 229,236 Australian driver’s licenses, along with 607,822 residential addresses.


In addition, the hacker alleged that information from 797 broker organizations was accessed, including Australian Business Numbers, banking details, staff directories and customer portfolios. More than 8,000 password hashes associated with broker employees were also said to be included in the compromised data.


A sample described as a preview of the larger dataset was published online. The hacker claimed that preview includes $3.7 billion in loan applications spanning 149,349 records submitted to 93 lenders, along with thousands of driver’s licenses, residential histories and employment records.


The attacker stated that the data was accessed through an unsecured MongoDB Atlas cluster and referenced earlier findings by security researcher Jeremiah Fowler, who identified an exposed MongoDB instance in March 2025. The hacker claimed the database remained accessible 10 months later.



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543