• Home
  • cyber
  • Money Mart and CRC Group: Money Mart warns data breach leaked SSNs. Cybercriminals take credit
cyber Ransomware

Money Mart and CRC Group: Money Mart warns data breach leaked SSNs. Cybercriminals take credit

Jan 12, 2026 3 min read
Money Mart and CRC Group: Money Mart warns data breach leaked SSNs. Cybercriminals take credit

Money Mart Data Breach Exposes Personal Information in November 2025 Attack

Payday loan provider Money Mart has begun notifying victims of a November 2025 data breach that exposed names and Social Security numbers. The company confirmed that hackers infiltrated a third-party application, though it did not disclose the vendor’s identity.

The ransomware group Everest claimed responsibility for the attack, alleging it stole 80,000 files, including personal data of U.S. and Canadian customers and internal employee documents. Money Mart has not verified Everest’s claims, and key details such as the number of affected individuals, ransom demands, or breach methods remain undisclosed. The company’s forensic investigation is ongoing.

In a notice to victims, Money Mart stated that unauthorized access to files in a third-party application was detected in early December 2025, with evidence suggesting personal data was accessed and exfiltrated. As a remedy, the company is offering 12 months of free credit monitoring through TransUnion, with enrollment open until April 30, 2026.

Everest, active since 2020, has a history of high-profile attacks, including breaches at NASA, the Brazilian government, and multiple healthcare providers. After a lull in 2022–2023, the group resurfaced in 2024 and has since claimed 11 confirmed ransomware attacks in 2025, targeting sectors like aerospace (Collins Aerospace), aviation (Dublin Airport), and finance. Money Mart marks its second financial services victim this year, following a June 2025 attack on New American Funding, where Everest allegedly stole 350 GB of data. The group has also claimed 73 unconfirmed attacks in 2025 that remain unverified by affected organizations.

The breach aligns with a broader surge in ransomware attacks on U.S. financial firms. In 2025 alone, researchers recorded 50 confirmed incidents, compromising over 700,000 records. Notable examples include a January 2025 breach at Wakefield & Associates (371,577 affected, claimed by Akira) and a February 2025 attack on CRC Group (60,727 affected, claimed by LeakedData). Such attacks often involve data theft and system encryption, with threat actors demanding ransoms to prevent leaks or restore access.

Money Mart, a subsidiary of Momentum Financial Services Group, operates over 420 branches across North America and serves 1.6 million customers, offering cash advances and installment loans. The company, formerly known as Dollar Financial Group, also owns brands like The Check Cashing Store and Centz.

Source: https://www.comparitech.com/news/money-mart-warns-data-breach-leaked-ssns-cybercriminals-take-credit/

Money Mart cybersecurity rating report: https://www.rankiteo.com/company/moneymart

Money Radio, a CRC Broadcasting Company cybersecurity rating report: https://www.rankiteo.com/company/money-radio-a-crc-broadcasting-company

"id": "MONMON1768239310",
"linkid": "moneymart, money-radio-a-crc-broadcasting-company",
"type": "Ransomware",
"date": "1/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Payday Loans, Installment Loans',
                        'location': 'North America',
                        'name': 'Money Mart',
                        'size': '1.6 million customers, 2,000+ employees, 420+ '
                                'branches',
                        'type': 'Financial Services'}],
 'attack_vector': 'Third-party application compromise',
 'customer_advisories': '12 months complimentary credit monitoring through '
                        'TransUnion (enrollment deadline: 2026-04-30)',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '80,000 files',
                 'personally_identifiable_information': 'Names, Social '
                                                        'Security numbers',
                 'sensitivity_of_data': 'High (SSNs, employee documents)',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'date_detected': '2025-12-01',
 'description': 'Payday loan company Money Mart notified victims of a November '
                '2025 data breach that compromised names and Social Security '
                'numbers. Hackers broke into a third-party application and '
                'stole personal data held by the company. A ransomware group '
                'called Everest took credit for the breach.',
 'impact': {'data_compromised': 'Names, Social Security numbers, '
                                'employee-related documents',
            'identity_theft_risk': 'High',
            'systems_affected': 'Third-party application'},
 'initial_access_broker': {'entry_point': 'Third-party application'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain, Data exfiltration',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Everest'},
 'references': [{'source': 'Money Mart Victim Notice', 'url': 'PDF'},
                {'source': 'Comparitech'}],
 'response': {'communication_strategy': 'Victim notification, credit '
                                        'monitoring offer'},
 'threat_actor': 'Everest',
 'title': 'Money Mart Data Breach',
 'type': 'Data Breach, Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.