Sumsub, European KYC third party company, suffers a data leak.

Fincrime Central – 6 Feb 26

The Sumsub Incident and the Future of Cloud Compliance - Fincrime Central

The Sumsub security incident demonstrates the inherent data breach risk when using third party cloud providers for identity verification and transaction monitoring services.

TL;DR:

Sumsub identified a security incident in early 2026 involving unauthorized activity that originated from an external threat actor who submitted a malicious attachment through a third-party support ticketing platform in July 2024. […] While the company confirmed that identity document images and bank details remained secure, the exposed data included names, email addresses, and phone numbers for a specific subset of accounts.

The discovery of this intrusion occurred retrospectively during a routine security review, leading to immediate incident response and direct notification to all affected customers through their support manager - FIN CRIME CENTRAL

Sumsub is “trusted third party” that verifies the identity of millions of internet users via banks, fintech, crypto, gambling…

Unfortunately, I can’t find any mainstream English news sources reporting on this issue. The only recognizable English source reporting on it is Sumsub’s own blog post, which, of course, is biased.

Sumsub

Security Incident Update | Sumsub

Security Incident Update