Criminals executed a severe cyberattack on Supergrosz, a financial service platform operated by AIQLABS sp. z o.o., compromising highly sensitive personal data of users. The breach exposed names, national ID numbers (PESEL), ID card details, email/home addresses, phone numbers, marital status, employment data, employer contacts, declared income, bank account numbers, and Facebook identifiers. The incident prompted urgent intervention from Poland’s CSIRT KNF (financial cybersecurity team) and CSIRT NASK, alongside notifications to the Polish Personal Data Protection Office. Authorities warned users to secure their PESEL numbers via the mObywatel app, change passwords, and enable two-factor authentication. A government portal (bezpiecznedane.gov.pl) was launched to help citizens verify if their data was leaked. The attack underscores a rising trend of organized cybercrime targeting critical personal and financial information, with potential for large-scale identity theft and fraud. The breach coincided with other major incidents in Poland, including a BLIK payment system outage and a separate ITAKA travel agency data leak.
TPRM report: https://www.rankiteo.com/company/supergrosz
{
  "id": "sup2232122110225",
  "linkid": "supergrosz",
  "type": "Breach",
  "date": "11/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': 'partial user base (exact number '
'undisclosed)',
'industry': 'fintech/personal finance',
'location': 'Poland',
'name': 'Supergrosz (AIQLABS sp. z o.o.)',
'type': 'financial services platform'}],
'customer_advisories': ['Secure PESEL numbers via mObywatel app',
'Change passwords and enable 2FA',
'Monitor bezpiecznedane.gov.pl for exposure checks'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'extremely high (includes national ID '
'numbers, bank details, and '
'comprehensive personal profiles)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial data',
'employment data',
'social media identifiers']},
'date_publicly_disclosed': '2025-11-02',
'description': 'Criminals gained unauthorized access to the Supergrosz '
'platform (operated by AIQLABS sp. z o.o.), compromising '
'highly sensitive personal data of users. The breach exposed '
'names, national identification numbers (PESEL), ID card '
'details, email/home addresses, phone numbers, nationality, '
'marital status, number of children, employment details, '
'employer contact information, declared income, bank account '
'numbers, and Facebook identifiers. Polish cybersecurity teams '
'(CSIRT KNF and CSIRT NASK) and the Personal Data Protection '
'Office are investigating. Users were advised to secure their '
'PESEL numbers, change passwords, and enable two-factor '
'authentication. A government website (bezpiecznedane.gov.pl) '
'was announced to help citizens check if their data was '
'compromised.',
'impact': {'brand_reputation_impact': 'high (public warning by Polish '
'minister, national media coverage)',
'data_compromised': ['names',
'national identification numbers (PESEL)',
'ID card details',
'email addresses',
'home addresses',
'phone numbers',
'nationality',
'marital status',
'number of children',
'employment details',
'employer contact information',
'declared income',
'bank account numbers',
'Facebook identifiers'],
'identity_theft_risk': 'high (PESEL numbers exposed, government '
'urged citizens to block them via mObywatel '
'app)',
'payment_information_risk': 'high (bank account numbers exposed)',
'systems_affected': ['Supergrosz platform (AIQLABS sp. z o.o.)']},
'initial_access_broker': {'high_value_targets': ['PESEL numbers',
'bank account details',
'comprehensive PII']},
'investigation_status': 'ongoing (CSIRT KNF, CSIRT NASK, and Personal Data '
'Protection Office involved)',
'motivation': ['financial gain', 'identity theft', 'data monetization'],
'ransomware': {'data_exfiltration': True},
'recommendations': ['Companies must prioritize cybersecurity preparedness '
'against organized crime groups.',
'Citizens should enable 2FA, monitor financial accounts, '
'and use government tools (e.g., mObywatel) to protect '
'sensitive identifiers like PESEL.',
'Regular audits for vulnerabilities in platforms handling '
'high-sensitivity data (e.g., fintech, personal '
'finance).'],
'references': [{'date_accessed': '2025-11-02', 'source': 'Radio Poland/IAR'},
{'date_accessed': '2025-11-02',
'source': 'X (Twitter) - @KGawkowski',
'url': 'https://x.com/KGawkowski/status/[post_id]'}],
'regulatory_compliance': {'regulations_violated': ['GDPR (likely, due to PII '
'exposure)'],
'regulatory_notifications': ['Polish Personal Data '
'Protection Office '
'(notified)']},
'response': {'communication_strategy': ['Public warning by Polish minister '
'(Krzysztof Gawkowski) on X (Twitter)',
'Media coverage (Radio Poland/IAR)',
'User advisories for securing '
'personal data'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['Government website '
'(bezpiecznedane.gov.pl) for citizens '
'to check compromised data',
'Advisory to block PESEL numbers via '
'mObywatel app',
'Password change recommendations',
'Two-factor authentication (2FA) '
'enablement'],
'third_party_assistance': ['CSIRT KNF (financial institutions)',
'CSIRT NASK (national research '
'network)']},
'stakeholder_advisories': ['Polish government (via Krzysztof Gawkowski)',
'CSIRT KNF (financial sector)',
'CSIRT NASK (national research network)'],
'threat_actor': ['organized crime groups', 'unknown perpetrators'],
'title': 'Data Breach at Supergrosz (AIQLABS sp. z o.o.) Exposing Sensitive '
'Personal Information',
'type': ['data breach', 'unauthorized access', 'identity theft risk']}