Back

fiserv.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting fiserv.com, with 80,597 historical data breaches and 3,195 active infostealer logs detected over the reporting period. The majority of the exposure, 96.2%, is attributed to historical data breaches, while 3.8% relates to active infostealer activity. The timeline shows a substantial increase in employee and client-related events starting in September 2025 and peaking in January 2026, with a notable secondary peak in March 2026. Malware analysis reveals Redline as the predominant infostealer family (57.7%), followed by Rhadamanthys (8.1%) and LummaC2 (6.3%). The exposure is geographically concentrated in the United States, Netherlands, and Germany. The data suggests a high-risk scenario due to the sheer volume of historical breaches and the presence of active infostealer campaigns targeting employee and client data, potentially leading to widespread credential compromise and further downstream attacks.

Total Events

83,792
credential exposure events

Employee Affected Events

76,107
account email domain = fiserv.com

Client Affected Events

7,685
service target = fiserv.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 33,963
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events3,195
Share4%
Data breaches
Events80,597
Share96%
Infostealer logs (4%)
3,195events
Data breaches (96%)
80,597events

76,107 compromised employee accounts pose an infrastructure risk, while 7,685 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender103
McAfee47
Windows Defender.8
Bitdefender2
Unknown2
Avira2
Windows Defender McAfee.2
Windows Defender ESET Security2
Kaspersky2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,842
Rhadamanthys258
LummaC2202
Blank Grabber125
Acreed85
Vidar84
StealC17
Millenium8
X-Files6

Top Login URLs

Top exposed services found in the event results

  1. 1fiserv.com1,077
  2. 2netbranch.app.fiserv.com389
  3. 3https://pcicompliance.fiserv.com/safemaker/303
  4. 4https://netbranch.app.fiserv.com280
  5. 5https://merchants.fiserv.com/es-uy/250
  6. 6https://www.netbranch.app.fiserv.com246
  7. 7android://MyBjINYZ4tiVbm_FWVGd6hwMVC7sGxgvoDXwpPOz_1zFswDPlu6b9BswaVYsZifRkc8qfPnYS2U0HaGZ0o_fsQ==@com.fiserv.popmoney/206
  8. 8https://www.fiserv.com/en/account/create-profile.html177
  9. 9www.netbranch.app.fiserv.com169
  10. 10https://fiserv.com155

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events817
Netherlands
Events370
Germany
Events360
United Kingdom
Events168
Denmark
Events152
India
Events126
Uruguay
Events53
France
Events43

Country Breakdown

  1. 1United States817
  2. 2Netherlands370
  3. 3Germany360
  4. 4United Kingdom168
  5. 5Denmark152
  6. 6India126
  7. 7Uruguay53
  8. 8France43

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft292
Citrix63
Git28
Pulse Secure19
Cisco (AnyConnect)17
FortiNet VPN5
Centrify (now Delinea)5

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 24H2 build 26100 (64 Bit)179
Windows 7 x32141
Windows Server 2012 x32129
Windows 10 Home x32126
Windows Server 2012 R2 x32125

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
43,770
Combolist pools
36,827
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.