Millions of Wise customer records, including ID card numbers, are for sale. If proved legitimate, the dataset could give cybercriminals exactly what they need to scam their victims.
-
4.9 million Wise records allegedly up for sale on an underground cybercrime forum, primarily tied to Spanish users.
-
Exposed data includes Spain's national ID numbers (NIF) and contact details.
-
Timestamps in the sample records range from late 2025 to early 2026, suggesting a recent exfiltration rather than repackaged old dumps.
-
Researchers warn that exposed data can put affected individuals to the risks of identity fraud and targeted fishing attacks.
A threat actor is advertising what they claim to be a database containing approximately 4.9 million records exfiltrated from the financial technology platform Wise. The fintech giant has over 15 million active customers globally.
The listing recently appeared on an underground cybercrime forum, where the seller claims the dataset contains personal information. The database is primarily linked to Spanish users.
While the scale of the alleged breach remains unverified, our researchers warn that the exposed information shown in the provided data samples could pose serious fraud and identity theft risks.
Cybernews researchers reviewed the samples published by the threat actor and found 17 records attached to the listing.
According to our researchers, the records contain a range of personally identifiable information, including:
- Full names
- Dates of birth
- Gender information
- Contact details
- Spanish NIF numbers
The presence of NIF numbers is particularly concerning. In Spain, the Número de Identificación Fiscal (NIF) serves as a tax identification number and, for many citizens, corresponds directly to their national identity number.
Researchers also noted that timestamps contained within the sample records appear relatively recent, with dates ranging from late 2025 into early 2026. This indicates that the data is freshly exfiltrated, not repurposed old data.
Wise users are at risk of fraud
Even without financial account information, the exposed fields could be highly valuable to cybercriminals.
“There's a significant risk of identity theft, fraud, and highly targeted social engineering attacks for the individuals mentioned in the dataset," our researchers warned.
The danger becomes even greater when criminals combine personal information from multiple sources to build detailed victim profiles.
The listing is particularly concerning, as the Wise brand has already been exploited in the wild for phishing attacks.
Cybernews previously reported a story shared with the outlet in which a woman received a legitimate-sounding call from a man who presented himself as a Wise support manager.
The scammers had her full name, email address, and phone number. To increase their credibility even more, they also shared the first six numbers of the woman’s physical debit card.
The woman did not fall for the trick, but imagine how hard it is to uncover a scam if attackers also recite numbers written on government-issued identification, such as Spain's NIF listed in the post.
Impersonation attempts can become even more convincing, potentially allowing fraudsters to bypass identity verification checks and build trust with victims.
We have reached out to Wise for comment and will update this article once we receive a reply.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked