How many records were stolen in the Addi.com breach?

ShinyHunters claims to have stolen more than 16 million records from Addi.com, with the total volume of stolen data reportedly reaching 518GB.

What type of data was compromised in the Addi.com attack?

The stolen data includes sensitive personal information, credit card transaction details, and KYC data sourced from major credit bureaus including TransUnion and Experian.

ShinyHunters is a ransomware group responsible for several high-profile cyberattacks, including breaches at Dutch telecom provider Odido and home security company Alert 360.

Why is KYC data considered especially valuable to cybercriminals?

KYC data typically contains government-issued ID numbers, proof of address, employment details, and sometimes biometric records, giving attackers a complete financial profile of each victim when combined with credit bureau data.

Can using a VPN protect users from this type of data breach?

No, a VPN only encrypts internet traffic in transit and has no bearing on what happens inside a company's databases once personal information has already been shared with them.

ShinyHunters Hits Addi.com: 16M Financial Records Stolen

The ransomware group ShinyHunters has claimed responsibility for a cyberattack on Addi.com, a Colombian financial services company operating as Adelante Soluciones Financieras. According to the group's announcement, more than 16 million records were compromised, containing sensitive personal information, credit card transaction details, and Know Your Customer (KYC) data sourced from major credit bureaus including TransUnion and Experian. The total volume of stolen data reportedly reaches 518GB.

This breach follows a pattern of escalating attacks by the same group. ShinyHunters has been behind several high-profile incidents in recent months, including a claim of 21 million records stolen from Dutch telecom provider Odido and a breach at home security company Alert 360 that exposed 2.5 million records. The group appears to be accelerating both the frequency and scale of its operations.

What Makes This Breach Particularly Serious

Most data breaches involve one or two categories of personal information. The Addi.com incident is different because it combines several layers of highly sensitive data in a single dataset.

KYC data is especially valuable to cybercriminals. Financial institutions collect this information to verify customer identities, which typically means it contains government-issued ID numbers, proof of address, employment details, and in some cases biometric records. When that data is paired with credit bureau records from agencies like TransUnion and Experian, an attacker effectively holds a complete financial profile of each victim.

Credit bureau data can include credit scores, loan histories, outstanding debts, and payment behavior spanning years. Combined with transaction-level credit card data, this gives bad actors everything they need to open fraudulent accounts, apply for loans in a victim's name, or craft highly convincing phishing attempts targeting specific financial vulnerabilities.

For users based in Colombia and any other markets where Addi.com operates, the risk of identity fraud and financial account takeover is elevated for the foreseeable future.

Why a VPN Alone Cannot Protect You from This Kind of Exposure

A common misconception is that using a VPN shields users from data breaches. It does not. A VPN protects your internet traffic in transit, masking your IP address and encrypting data moving between your device and a server. It has no bearing on what happens inside a company's own databases once you have already shared your information with them.

The Addi.com breach, like most major financial data incidents, occurred at the server level, not during transmission. Once a company holds your KYC documents, credit history, and transaction records, your personal VPN setup is irrelevant to whether that data stays secure.

This does not make VPNs unimportant. Encrypting your connection remains a meaningful step, particularly on public networks where credential theft through interception is a real risk. But breach events like this one underscore that privacy protection requires a layered approach, not a single tool.

What This Means For You

If you have used Addi.com or any service that shares data with Adelante Soluciones Financieras, you should act on the assumption that your information may be in circulation, even before any official confirmation from the company.

Here are concrete steps worth taking now:

Monitor your credit reports. In many countries, you can request free reports from credit bureaus. Look for accounts or inquiries you did not initiate. If bureau data was part of this breach, fraudulent credit applications are a realistic near-term threat.
Place a credit freeze if available in your jurisdiction. A freeze prevents new credit from being opened in your name without your direct involvement, even if someone holds your full personal information.
Change passwords on any financial accounts. If you reused credentials across services, update them immediately. Use a password manager to generate and store unique passwords for each account.
Enable multi-factor authentication. On banking apps, email, and any account tied to financial activity, MFA adds a barrier that stolen credentials alone cannot bypass.
Watch for targeted phishing. With detailed financial profiles in hand, attackers can craft convincing emails or calls that reference your actual loan history or account details. Be skeptical of any unsolicited contact asking you to verify financial information.
Use breach monitoring services. Several reputable services notify you when your email or credentials appear in newly leaked datasets. Setting up alerts gives you earlier warning than waiting for official company notifications.

The ShinyHunters group has demonstrated repeatedly, as seen in their attack on ADT that exposed records tied to millions of security customers, that no sector is off-limits and that negotiations do not reliably prevent data from being published or sold.

The Addi.com breach is a reminder that protecting your financial identity requires ongoing attention, not a one-time setup. Layering tools like VPNs, password managers, breach monitoring, and credit freezes together provides meaningful resilience, even when the companies holding your data fall short. Review your exposure now, rather than waiting for official communications that may arrive weeks after the damage has already been done.