**ThinkMarkets Hit by Chaos Ransomware Group in Major Data Breach**
Australian online brokerage ThinkMarkets has fallen victim to a significant data breach, with the Chaos ransomware group claiming responsibility. On December 8, Chaos listed ThinkMarkets on its dark web extortion site, revealing it had stolen 512GB of sensitive data, which it later published online.
The leaked data includes internal company records, such as human resources files, customer dispute details, legal advice, company policies, and trading information. Among the exposed files were passport scans of employees and know-your-customer (KYC) records of clients, raising serious privacy and security concerns.
Who is Chaos?
Chaos is a relatively new ransomware group, first detected in February 2023, with only 28 claimed victims to date. According to Talos Intelligence, the group actively promotes its ransomware on Russian-language hacking forums, targeting Windows, ESXi, Linux, and NAS systems. Key features of their malware include rapid encryption, individual file encryption keys, and network scanning capabilities.
Chaos operates with an affiliate model, charging a refundable entry fee for access to its automated attack panel. The group explicitly avoids targeting BRICS/CIS countries, hospitals, and government entities.
About ThinkMarkets
Headquartered in Melbourne, ThinkMarkets is a global online trading provider with offices in the Middle East, South Africa, Europe, and the U.S. Originally founded as ThinkForex in 2012, the company rebranded in 2016 and positions itself as a leader in online trading services, offering advanced tools and customer support.
As of now, ThinkMarkets has not responded to requests for comment on the breach. The incident underscores the growing threat of ransomware attacks on financial services firms, with sensitive client and corporate data at risk.
ThinkMarkets cybersecurity rating report: https://www.rankiteo.com/company/thinkmarkets
"id": "THI1765339292",
"linkid": "thinkmarkets",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Financial Services',
'location': 'Melbourne, Australia (with global offices '
'in the Middle East, South Africa, Europe, '
'and the United States)',
'name': 'ThinkMarkets',
'type': 'Online Brokerage'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Human resources information',
'Customer disputes',
'Legal advice',
'Company policies',
'Trading information',
'Passport scans',
'Know-Your-Customer (KYC) '
'records']},
'date_detected': '2023-12-08',
'date_publicly_disclosed': '2023-12-08',
'description': 'Australian online brokerage ThinkMarkets suffered a serious '
'data breach. The ransomware group Chaos listed the company on '
'its dark web extortion site, claiming to have stolen 512GB of '
'data, including HR information, customer disputes, legal '
'advice, company policies, trading information, passport scans '
'of employees, and KYC records of clients.',
'impact': {'data_compromised': '512GB', 'identity_theft_risk': 'High'},
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Chaos'},
'references': [{'date_accessed': '2023-12-08', 'source': 'Cyber Daily'},
{'source': 'Talos Intelligence'}],
'threat_actor': 'Chaos',
'title': 'ThinkMarkets Data Breach by Chaos Ransomware Group',
'type': 'Ransomware'}