Nium Data Breach Exposes Sensitive Customer Information in 2025
On November 3, 2025, global fintech company Nium, Inc. detected unauthorized access to its file system, revealing that an old 2022 customer data file had been compromised. The breach exposed sensitive personally identifiable information (PII), including names, email addresses, physical addresses, phone numbers, Social Security numbers, and dates of birth.
Nium, a Singapore- and San Francisco-based financial technology firm specializing in cross-border payments, operates in over 190 countries and serves banks, fintechs, and enterprises. The company responded by restricting access, launching an investigation, and notifying authorities, including the Massachusetts Attorney General’s office on December 10, 2025. According to the disclosure, 13 Massachusetts residents were affected, though the full scope of impacted individuals remains unclear.
The exposed file was primarily used for technical system logs, but a subset contained personal data. In response, Nium has strengthened monitoring, implemented additional security controls, and plans to migrate to a new technology stack. Affected individuals are being offered complimentary credit monitoring.
The breach raises concerns about identity theft, phishing, and fraud, as compromised data could be exploited for malicious purposes. Legal firms, including Shamis & Gentile P.A., are investigating potential class action lawsuits for affected customers.
Source: https://www.claimdepot.com/investigations/nium-data-breach-2025
Nium cybersecurity rating report: https://www.rankiteo.com/company/nium-global
"id": "NIU1765584555",
"linkid": "nium-global",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '13 (Massachusetts residents '
'only, as per disclosure)',
'industry': 'FinTech, Cross-border Payments, Card '
'Issuing',
'location': 'Headquartered in Singapore and San '
'Francisco, USA',
'name': 'Nium, Inc.',
'size': '700+ employees',
'type': 'Financial Technology Company'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Affected individuals notified; advised to monitor '
'accounts and use credit monitoring services',
'data_breach': {'data_exfiltration': 'Yes (file was accessed and downloaded '
'by an unauthorized party)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Name',
'Email address',
'Physical address',
'Phone number',
'Social Security number',
'Date of birth']},
'date_detected': '2025-11-03',
'date_publicly_disclosed': '2025-12-10',
'description': 'Nium, Inc. detected unauthorized access to its file system on '
'November 3, 2025, leading to the exposure of sensitive '
'personally identifiable information from an old file dating '
'back to 2022. The breach was reported to the Massachusetts '
'Attorney General’s office on December 10, 2025, with 13 '
'individuals in Massachusetts affected. The company has since '
'strengthened security measures and offered complimentary '
'credit monitoring to affected individuals.',
'impact': {'data_compromised': 'Sensitive personally identifiable information',
'identity_theft_risk': 'Increased risk of identity theft, phishing '
'attempts, and fraud',
'operational_impact': 'Strengthened monitoring and security '
'controls; planned migration to a new '
'technology stack',
'systems_affected': 'File system containing customer information'},
'investigation_status': 'Ongoing (class action lawsuit investigation)',
'post_incident_analysis': {'corrective_actions': 'Strengthened monitoring, '
'additional security '
'controls, planned migration '
'to a new technology stack',
'root_causes': 'Unauthorized access to an old file '
'containing customer information'},
'recommendations': ['Review communications from Nium regarding the breach',
'Take advantage of complimentary credit monitoring',
'Monitor financial accounts and credit reports for '
'suspicious activity',
'Be vigilant for phishing attempts',
'Consider placing a fraud alert or security freeze on '
'credit files'],
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit '
'investigation underway',
'regulatory_notifications': 'Reported to '
'Massachusetts Attorney '
'General’s office'},
'response': {'communication_strategy': 'Reported breach to Massachusetts '
'Attorney General’s office; notified '
'affected individuals',
'containment_measures': 'Immediate restriction of access to the '
'file system',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Offered complimentary credit monitoring to '
'affected individuals',
'remediation_measures': 'Strengthened monitoring, implemented '
'additional security controls, planned '
'migration to a new technology stack'},
'title': 'Nium, Inc. Data Breach Investigation',
'type': 'Data Breach'}