A threat actor claims to be selling a database from UnionPay International, one of the largest international payment systems. The alleged breach exposes 637,700,050 records, which include sensitive information such as full names, gender, identity numbers, date of birth, address, and card numbers.
According to the threat actor, this breach occurred in March 2024 and affects China UnionPay, China’s largest payment network. The breach is said to have compromised the personal and financial data of over 637 million individuals, making it one of the largest data leaks in history. The leaked data includes not only names and ID numbers but also credit and debit card details, transaction histories, and more.
A security researcher reportedly discovered the breach and alerted UnionPay and authorities. While UnionPay confirmed the incident and launched an investigation, the full scope of the damage remains unclear.
The threat actor has offered the data for sale in CSV format, with a total file size of 16.0 GB, and escrow services are supported for potential buyers.
