AIQLABS sp. z o.o. (Supergrosz)

Criminals breached AIQLABS sp. z o.o., the operator of the Supergrosz financial service platform in Poland, gaining unauthorized access to highly sensitive personal data of users. The compromised information includes names, national ID numbers (PESEL), ID card details, email/home addresses, phone numbers, marital status, employment details, declared income, bank account numbers, and Facebook identifiers. The breach poses severe risks of identity theft, financial fraud, and targeted scams, prompting Polish authorities—including CSIRT KNF, CSIRT NASK, and the Personal Data Protection Office—to investigate. Users were urged to block their PESEL numbers via the mObywatel app, change passwords, and enable two-factor authentication. A government portal (bezpiecznedane.gov.pl) was launched to help citizens verify if their data was exposed. The incident follows recent cyberattacks in Poland, including a BLIK payment system outage and an ITAKA travel agency data leak, highlighting escalating cyber threats in the region.

Source: https://www.polskieradio.pl/395/7786/Artykul/3602083,poland-hit-by-another-major-cyberattack-as-hackers-steal-users%E2%80%99-data-from-loan-platform

TPRM report: https://www.rankiteo.com/company/aiqlabs

"id": "aiq2492024110225",
"linkid": "aiqlabs",
"type": "Breach",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'partial user base (exact number '
                                              'undisclosed)',
                        'industry': 'fintech/personal finance',
                        'location': 'Poland',
                        'name': 'Supergrosz (AIQLABS sp. z o.o.)',
                        'type': 'financial services platform'}],
 'customer_advisories': ['Check data compromise status at '
                         'bezpiecznedane.gov.pl.',
                         'Monitor for identity theft and financial fraud.'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'extremely high (includes national ID '
                                        'numbers, bank details, and '
                                        'comprehensive personal profiles)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'financial data',
                                              'employment records',
                                              'social media identifiers']},
 'date_publicly_disclosed': '2025-11-02',
 'description': 'Criminals gained unauthorized access to the Supergrosz '
                'platform (operated by AIQLABS sp. z o.o.), compromising '
                'highly sensitive personal data of users. The breach exposed '
                'names, national identification numbers (PESEL), ID card '
                'details, email and home addresses, phone numbers, '
                'nationality, marital status, number of children, employment '
                'details, employer contact information, declared income, bank '
                'account numbers, and Facebook identifiers. Polish '
                'cybersecurity teams (CSIRT KNF and CSIRT NASK) and the '
                'Personal Data Protection Office are investigating. Users were '
                'advised to secure their PESEL numbers, change passwords, '
                'enable 2FA, and monitor a new government website '
                '(bezpiecznedane.gov.pl) to check if their data was '
                'compromised. The incident is part of a wave of cyberattacks '
                'in Poland, including disruptions to the BLIK payment system '
                'and a data leak at ITAKA travel agency.',
 'impact': {'brand_reputation_impact': 'high (public warning by government '
                                       'minister, national media coverage)',
            'data_compromised': ['names',
                                 'national identification numbers (PESEL)',
                                 'ID card details',
                                 'email addresses',
                                 'home addresses',
                                 'phone numbers',
                                 'nationality',
                                 'marital status',
                                 'number of children',
                                 'employment details',
                                 'employer contact information',
                                 'declared income',
                                 'bank account numbers',
                                 'Facebook identifiers'],
            'identity_theft_risk': 'high (PESEL numbers exposed, government '
                                   'urged blocking via mObywatel app)',
            'payment_information_risk': 'high (bank account numbers exposed)',
            'systems_affected': ['Supergrosz platform (AIQLABS sp. z o.o.)']},
 'initial_access_broker': {'high_value_targets': ['PESEL numbers',
                                                  'bank account details']},
 'investigation_status': 'ongoing (CSIRT KNF, CSIRT NASK, and Personal Data '
                         'Protection Office involved)',
 'motivation': ['financial gain', 'identity theft', 'data exploitation'],
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Companies must prioritize cybersecurity preparedness '
                     'against organized crime groups.',
                     'Citizens should enable 2FA, monitor financial accounts, '
                     'and use government tools (e.g., mObywatel) to protect '
                     'identities.',
                     'Regular audits of systems handling sensitive data (e.g., '
                     'PESEL, bank details) are critical.'],
 'references': [{'date_accessed': '2025-11-02', 'source': 'Radio Poland/IAR'},
                {'date_accessed': '2025-11-02',
                 'source': 'X (Twitter) - @KGawkowski',
                 'url': 'https://x.com/KGawkowski/status/[redacted]'}],
 'regulatory_compliance': {'regulations_violated': ['GDPR (likely, due to PII '
                                                    'exposure)'],
                           'regulatory_notifications': ['Polish Personal Data '
                                                        'Protection Office '
                                                        '(notified)']},
 'response': {'communication_strategy': ['Public warning by Minister Krzysztof '
                                         'Gawkowski on X (Twitter)',
                                         'Media outreach (Radio Poland/IAR)',
                                         'Government website for data status '
                                         'checks'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Government launched '
                                       'bezpiecznedane.gov.pl for citizens to '
                                       'check compromised data',
                                       'Users advised to block PESEL via '
                                       'mObywatel app',
                                       'Password changes recommended',
                                       'Two-factor authentication (2FA) '
                                       'enabled'],
              'third_party_assistance': ['CSIRT KNF (financial institutions)',
                                         'CSIRT NASK (national research '
                                         'network)']},
 'stakeholder_advisories': ['Government warning to secure PESEL numbers via '
                            'mObywatel app.',
                            'Advice to change passwords and enable 2FA.'],
 'threat_actor': ['organized crime groups', 'unknown perpetrators'],
 'title': 'Data Breach at Supergrosz (AIQLABS sp. z o.o.) Exposing Sensitive '
          'Personal Information',
 'type': ['data breach', 'unauthorized access', 'identity theft risk']}