Bottom line: A current data breach of 4.9 million Wise customers containing names, birth dates, and Spanish tax identification numbers is being traded on the darknet and poses significant risks for identity theft and fraud.
An actor in an underground forum is offering a dataset containing approximately 4.9 million customer records from the fintech platform Wise for sale. The data was allegedly stolen from Wise systems between late 2025 and early 2026 and contains sensitive personal information, particularly from Spanish users.
The dataset offered for sale comprises around 4.9 million entries and, according to the seller, primarily affects customers from Spain. Security researchers from Cybernews analyzed a sample of 17 published datasets and confirmed their authenticity. The samples contain full names, birth dates, gender information, contact details, and Spanish tax identification numbers (Número de Identificación Fiscal, NIF). For many Spanish citizens, the NIF also serves as their national identification number.
Timestamps within the analyzed data suggest that the breach occurred between late 2025 and early 2026. This evidences a recent exfiltration and refutes the theory of merely recycled older known leaks. Although the dataset contains no direct passwords or financial data such as account numbers, analysts classify the information as valuable for criminal purposes. Wise serves over 15 million active customers worldwide.
The exposed data enables attackers to create detailed victim profiles and conduct targeted fraud attempts. Cybernews researchers warn: “There is a significant risk of identity theft, fraud, and targeted social engineering attacks for the individuals listed in the dataset.” The combination of authentic names, contact details, and government identification numbers increases the credibility of fraudsters when making calls and other contact attempts.
Documented incidents show that the Wise name has already been misused in phishing campaigns: fraudsters contacted customers, posed as Wise support, and demonstrated prior knowledge such as names, email addresses, and portions of credit card numbers. With access to official identification numbers, such deception attempts could be considerably more convincing and could make it easier for attackers to bypass identity verification. An official statement from Wise regarding the incident is not currently available.
Source: www.it-daily.net · Published June 14, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.