What Happened
In November 2025, specifically around November 25-26, Money Mart (moneymart.ca), a North American financial services company offering payday loans, check cashing, and money transfers, suffered a ransomware attack claimed by the Everest group, who posted the breach on their dark web leak site and alleged stealing over 80,000 internal files from a company database. The exposed data included sensitive customer and employee personally identifiable information (PII) such as names, addresses, dates of birth, email addresses, driver’s license numbers, Social Security numbers, credit card details (partial numbers and limits), financial transaction records, employment history, and system profiles, affecting individuals in the US and Canada. Money Mart detected unauthorized access to files in a third-party application in early December 2025, launched a forensic investigation, notified affected victims, and offered 12 months of complimentary credit monitoring via Cyberscout/TransUnion without confirming the ransom demands or payment details. Everest gave the company until November 30, 2025, to respond before threatening full publication on hacker forums.
