In The Event Of
Get started free
Y

youX Data Breach 2026:
What You Need to Know

Sydney asset-finance platform youX exposed 444,538 Australian borrowers' loan application records, including 229,236 driver's licences, after leaving a MongoDB Atlas cluster open on the public internet for at least 10 months. Most affected Australians had never heard of youX; their data was fed in by their mortgage or car-finance broker.

Breach disclosed:17 February 2026
Records affected:~444,538 borrowers
Risk level:High

Your personal risk from this breach

Sign in or create a free account to see your personalised risk score.

View My Risk

What Happened

How the youX Breach Unfolded

August 2025 to February 2026

A youX MongoDB Atlas cluster sat open on the public internet for at least 10 months, accessible to anyone who knew the connection string. The cluster held loan application data fed into youX by mortgage and car-finance brokers across more than 90 lenders and 797 broker organisations.

17 February 2026

youX confirmed unauthorised access to the exposed database. The company notified the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC), and obtained an injunction from the NSW Supreme Court restraining further dissemination of the impacted data.

Affected borrowers may have received a notification from youX or directly from their broker or lender. ASX-listed Motorcycle Holdings (ASX:MTO) disclosed its exposure to the incident in a formal ASX announcement on 18 February 2026.

May 2026

After youX declined extortion demands, the threat actor “FulcrumSec” listed youX on its dark-web leak site and published approximately 141 GB of stolen data, covering 444,538 unique borrowers and 629,597 loan applications.

Sources: Cyber Daily AU, ACS Information Age

What Was Exposed

Personal Data Leaked in the Breach

The leaked dataset is the loan application context youX held on behalf of the lenders and brokers that integrated with the platform. It combines identity-linked data (name, date of birth, address, driver's licence) with detailed financial records (income, debts, repayment history) for hundreds of thousands of Australians.

Data TypeRisk LevelWho Was Affected
Full nameHighAll 444,538 affected borrowers
Email addressHighSubset of affected borrowers
Phone numberHighSubset of affected borrowers
Residential addressHigh607,822 affected borrowers
Date of birthHighAll affected borrowers
Driver's licence numberHigh229,236 affected borrowers
Income and debt recordsHighAll borrowers in scope (loan application context)
Loan application dataMediumAll 629,597 loan applications
Broker employee password hashesMediumApproximately 8,000 broker employees (separate cohort)

Risk levels based on the OAIC: What is personal information? and OAIC Australian Privacy Principles. Identity-linked data (name, date of birth, address, driver's licence) combined with detailed financial information (income, debts) is rated High because the combination supports both identity-fraud setup and targeted financial-scam approaches.

✅ Confirmed NOT Exposed

Bank account numbers, credit card details, and biometric data were not in scope of the breach. The leaked dataset is the loan application context held by youX, not your bank's records or your active loan accounts.

Company Response

What youX Did

“youX has obtained an injunction from the Supreme Court of New South Wales to prevent further access, disclosure or dissemination of the impacted data.”
youX statement, February 2026

Actions Taken by youX

  • Confirmed unauthorised access via internal forensics
  • Notified the OAIC and the Australian Cyber Security Centre (ACSC)
  • Obtained an injunction from the NSW Supreme Court restraining further dissemination of the data
  • Began direct notifications to affected borrowers, with parallel notifications via lenders and brokers
  • Engaged external incident responders
  • Hardened the MongoDB Atlas configuration: closed open clusters, added authentication, and applied IP allowlisting
ACSC (cyber.gov.au)OAIC Notifiable Data Breaches

What Now?

Steps You Can Take After the youX Breach

Because this breach combines name date of birth address driver's licence and detailed financial records, the most useful next steps focus on identity-document protection, credit monitoring, and locking down the email and phone numbers used in your loan application.

Driver's Licence Protection

229,236 driver's licence numbers were in the leak. Treat yours as compromised.

Report your driver's licence as compromised

~15 min
Contact the state or territory authority that issued your driver's licence (for example Service NSW, VicRoads, Service Victoria, TMR Queensland, Service SA, Transport WA, Access Canberra, Service Tas, or MVR NT). Most jurisdictions will replace your licence with a new card number on the basis that the original number has been exposed in a data breach. Many will waive the replacement fee where you can show the breach notification.

Add a flag with the document verification service

If your state or territory supports it, register that your licence has been exposed so that downstream identity-verification checks (for new credit, telco accounts, and so on) apply additional scrutiny to applications using that licence number.

Financial Account Monitoring

Identity documents plus income data make targeted credit fraud easier to attempt.

Place a free credit ban with Australian credit bureaus

~20 min
A credit ban prevents new credit from being opened against your identity without additional verification. Bans are free and can be placed for an initial 21 days, with extensions if there is evidence of identity-fraud risk (the youX notification can serve as that evidence).
Equifax AUExperian AU

Review bank statements for unfamiliar activity

Although bank account numbers were not in scope, the leaked income and debt records may be used to craft convincing impersonation attempts against your bank. Reviewing recent statements and enabling transaction alerts is a sensible precaution.

Alert your active lenders that your identity documents are exposed

If you have an active home loan, car loan, or other facility, a short note to your lender (via secure messaging or your broker) asking them to flag your file for identity-fraud risk can reduce the chance that a fraudulent variation, redraw, or refinance is processed without challenge.

Email and Digital Identity

The email and phone number you gave your broker were almost certainly in the leak.

Strengthen email security

~5 min
Update the password and enable MFA on the email account associated with your loan application. Check for unfamiliar forwarding rules or connected app permissions, which can be exploited to silently intercept communications from your bank or lender.

Set a port-out PIN on your mobile carrier

~10 min
Where phone number was part of the exposed data, contact your mobile carrier to set a SIM port-out PIN. SIM-swap fraud is commonly used to intercept verification codes and bypass MFA on banking and email accounts.
Telstra security

Understand your full account exposure

Most people have dozens of online accounts linked to a single email address. Mapping which services are connected helps you prioritise where to update passwords and review activity after a breach like this.

Monitoring and Reporting

Australian resources for breach response and identity protection.

Contact IDCare for tailored guidance

IDCare (1800 595 160) is Australia's national identity and cyber support service. They provide free, tailored guidance for people affected by data breaches, including case-managed support if you start to see signs of identity misuse.

Report scams and suspicious contact

Reporting attempted phishing or impersonation to Scamwatch and incidents of identity compromise to the ACSC helps authorities track how leaked data sets are being used in active scam campaigns.

Not sure which of your accounts are affected?

In The Event Of discovers your accounts automatically and alerts you in real time when new breaches affect your data.

Check My Email Free

Are You Still at Risk?

The Hidden Danger: Compound Breach Exposure

The youX breach did not happen in isolation. If your data also appeared in other major Australian breaches, the combination of leaked information can build a more complete identity profile.

How breach data compounds

On its own, the youX breach exposed names, dates of birth, addresses, driver's licence numbers, and detailed financial records. If your email or licence also appeared in the Optus, Medibank, or Latitude breaches, the combined data set can include identity documents, Medicare details, and health records. This kind of compound exposure significantly increases the risk of identity fraud.

  • Optus (2022)9.8M records - identity documents
  • Medibank (2022)9.7M records - health information
  • Latitude Financial (2023)14M records - identity documents
  • youX (2026)444K records - driver's licence, addresses, financial data

If your email or licence appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.

Were you affected?

Find out in 30 seconds. Free to check.

Check My Email Free

No credit card required.

Frequently Asked Questions

youX Breach FAQ

Sources

  1. Cyber Daily AU: "Aussie fintech platform youX confirms data breach as hacker shares massive dataset online"
  2. ACS Information Age: "Hacker uploads alleged youX stolen data"
  3. IDM Magazine: "youX Data Breach Exposes 444,000 Australians' Records"
  4. Secure ISS: "444,000+ Australians' Financial Data Exposed By a Company They Didn't Know Had It"
  5. Lunar Cyber breach catalog: youxpowered.com.au
  6. OAIC: Notifiable Data Breaches scheme
  7. OAIC: What is personal information? (Privacy Act 1988 categories)
  8. OAIC: Australian Privacy Principles

Other Major Australian Data Breaches

Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.

NYC Health + Hospitals Data Breach 2026

~1.8M records exposed

Critical

Australian Courts Data Breach 2026

Thousands of files records exposed

Critical

Prosura Data Breach 2026

300K-500K records exposed

High

Canvas (Instructure) Data Breach 2026

~275M (claimed) records exposed

Medium

Booking.com Data Breach 2026

Undisclosed records exposed

High

McGraw Hill Data Breach 2026

13.5M records exposed

High

Crunchyroll Data Breach 2026

Undisclosed records exposed

High

Eurail Data Breach 2026

300K+ records exposed

High

Basic-Fit Data Breach 2026

1M records exposed

High

Under Armour Data Breach 2025

72M records exposed

High

Salesforce (ShinyHunters) Data Breach 2025

~1B records exposed

High

Allianz Life Data Breach 2025

2.8M records exposed

High

Workday Data Breach 2025

Undisclosed records exposed

Medium

Western Sydney University Data Breach 2025

10K records exposed

High

Genea Fertility Data Breach 2025

940K records exposed

Critical

DeepSeek Data Breach 2025

1M records exposed

Medium

Tangerine Telecom Data Breach 2024

232K records exposed

High

Australian Clinical Labs Data Breach 2022

223K records exposed

Critical

Qantas Data Breach 2025

5.7M records exposed

High

Optus Data Breach 2022

9.8M records exposed

Critical

Medibank Data Breach 2022

9.7M records exposed

Critical

Latitude Financial Data Breach 2023

14M records exposed

Critical

MyDeal (Woolworths) Data Breach 2022

2.2M records exposed

High
View all breach guides →

Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. The information is based on publicly available sources at the time of writing and may not reflect the most current developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with youX or any of the lenders or brokers that integrated with the youX platform. If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.