LAST UPDATED Loading...

Pathstone Financial Allegedly Breached as 614,000 Customer Records Offered for Sale

A cybercrime forum post alleges the sale of 614,000 Pathstone Financial customer records containing identity, banking, payment card, and KYC information.
Screenshot of a cybercrime forum post advertising the alleged sale of a Pathstone Financial database containing 614,000 customer records. The listing claims the dataset includes identity information, payment card data, bank account details, KYC documents, and other financial records allegedly obtained during a June 2026 AWS S3 misconfiguration incident.
A forum post alleges the sale of a 614,000-record Pathstone Financial database, claiming it contains customer identity, banking, payment card, and KYC data. BreachNews has not independently verified the authenticity of the claims.

A forum account is claiming to be selling what it describes as a complete database belonging to Pathstone Financial, alleging the dataset contains 614,000 customer records that include identity information, financial data, payment card details, and Know Your Customer (KYC) documents.

The alleged sale listing was published on July 4, one day before the same account posted a separate claim involving Aegis Defense Solutions. As with that listing, BreachNews has not independently verified the authenticity of the data or the claims made by the seller.

Forum post claims June AWS exposure

According to the listing, the seller alleges the data originated from a June 2026 Amazon S3 bucket misconfiguration affecting Pathstone Financial. The post claims a publicly accessible storage bucket exposed customer information between March and June before credentials were allegedly rotated and the exposure remediated.

The seller claims to possess a full SQL database export alongside structured CSV files containing approximately 614,000 customer records.

No technical evidence was provided to support the alleged compromise, and the listing did not include screenshots, sample records, or documentation that would independently verify the claims.

Identity, banking, and KYC records allegedly included

According to the forum post, the alleged dataset includes:

  • Full names, dates of birth, Social Security numbers, phone numbers, email addresses, and address history
  • Payment card information including card numbers, expiration dates, and billing details
  • Bank routing and account numbers
  • Driver’s licenses, passport scans, utility bills, and other KYC documentation
  • Employment information and income brackets
  • Credit score information
  • Security question data and hashed answers

The seller also makes numerous claims regarding the quality and completeness of the alleged database, including assertions about record validation and payment card status. BreachNews has not verified any of these claims.

Sale follows defense contractor listing

The Pathstone Financial listing appears to be the earliest known post from this forum account involving a major U.S. organization. One day later, the same account published a separate listing alleging the sale of 890,000 personnel records tied to Aegis Defense Solutions, including claims involving security clearance information, payroll records, and personnel files.

At present, there is no public evidence linking the two alleged incidents beyond the fact they were posted by the same forum account.

No public statement at publication

Pathstone Financial had not issued any public statement at time of publication acknowledging a cybersecurity incident matching the claims made in the forum listing.

If authentic, exposure of financial identity records and KYC documentation could present elevated risks of identity theft, financial fraud, and account takeover attempts. However, the authenticity of the alleged database remains unverified.

BreachNews will post an update if Pathstone Financial issues a public statement or additional evidence emerges supporting or refuting the claims.

Picture of m00s3c

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.

Latest News

Newsletter signup

Get the latest data breach and security news.

Please wait...

Thank you for signing up!

BREACHNEWS.COM/SUPPORT/

Support Independent News.

Help support breach monitoring, investigations, infrastructure, and reporting.

Support the site
INTEL.BREACHNEWS.COM

Live Cyber
Threat Map

Explore live cyber activity, recent breach reports, KEV alerts, and public threat feeds from a single interactive dashboard.

Launch Threat Map