Check City Data Breach Exposes Personal and Financial Data of Over 320,000 Individuals
Payday loan provider Check City has notified 322,687 individuals of a data breach that occurred in March 2025, exposing sensitive personal and financial information. According to a report by Comparitech, the compromised data includes names, Social Security numbers, government-issued ID numbers, financial account details, credit and debit card numbers, dates of birth, and addresses.
The ransomware group Clop claimed responsibility for the breach in May 2025, though Check City has not confirmed the group’s involvement, and Comparitech has not independently verified the claim. Clop, active since 2019, has been linked to 457 ransomware attacks, with 37 confirmed by targeted organizations. The group was previously responsible for the 2023 MOVEit attack, which exposed the email addresses of approximately 632,000 U.S. federal employees at the Department of Defense and the Department of Justice.
Check City first detected unauthorized network access on April 3, 2025, and later determined that files may have been accessed by unauthorized individuals around March 21, 2025. After an internal review, the company identified affected individuals on February 17, 2025. While no evidence of fraudulent use has been reported, Check City is offering complimentary credit monitoring services as a precaution.
State regulators have also acknowledged the breach. The Texas Office of the Attorney General reported that Check City notified 3,459 Texans via mail, while the California Office of the Attorney General listed the incident on its data security breaches page, noting the breach occurred on April 3, 2025. Check City has not responded to requests for further comment.
Check City cybersecurity rating report: https://www.rankiteo.com/company/check-city
"id": "CHE1775183387",
"linkid": "check-city",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '322,687',
'industry': 'Financial Services',
'location': 'United States',
'name': 'Check City',
'type': 'Payday loan provider'}],
'customer_advisories': 'Complimentary credit monitoring services offered',
'data_breach': {'number_of_records_exposed': '322,687',
'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'government-issued ID '
'numbers, dates of '
'birth, addresses',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal and financial data'},
'date_detected': '2025-04-03',
'description': 'Payday loan provider Check City has notified 322,687 '
'individuals of a data breach that occurred in March 2025, '
'exposing sensitive personal and financial information. The '
'compromised data includes names, Social Security numbers, '
'government-issued ID numbers, financial account details, '
'credit and debit card numbers, dates of birth, and addresses. '
'The ransomware group Clop claimed responsibility for the '
'breach in May 2025, though Check City has not confirmed the '
'group’s involvement.',
'impact': {'data_compromised': 'Names, Social Security numbers, '
'government-issued ID numbers, financial '
'account details, credit and debit card '
'numbers, dates of birth, addresses',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'ransomware': {'ransomware_strain': 'Clop'},
'references': [{'source': 'Comparitech'},
{'source': 'Texas Office of the Attorney General'},
{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Texas Office of the '
'Attorney General, '
'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Notified affected individuals via '
'mail, offered complimentary credit '
'monitoring services'},
'threat_actor': 'Clop',
'title': 'Check City Data Breach Exposes Personal and Financial Data of Over '
'320,000 Individuals',
'type': 'Data Breach, Ransomware'}