Search TorWire

Find cybersecurity guides and research articles

Home > News > Cybersecurity > Cybercriminal Claims Theft of 100TB of Data From Israeli Fintech Company

Cybercriminal Claims Theft of 100TB of Data From Israeli Fintech Company

By: Morgan Cipher Senior Privacy Journalist

Last updated: July 9, 2026

Human Written
Cybercriminal Claims Theft of 100TB of Data From Israeli Fintech Company
  • A cyber thief is boasting more than 100TB of data from an Israeli fintech company up for sale.

  • The alleged data includes payment card records, transaction history, source code, API keys, and customer information.

  • The attacker says an online data portal will go live on July 21. He hid in the network for a year to gather such a large amount of data.

The claim first appeared on an underground hacking forum. It later caught the attention of cybersecurity intelligence accounts that track activity across cybercrime communities.

According to the post, the attacker secretly remained inside the company’s systems for nearly one year. During that time, the actor claims to have hijacked over 100 terabytes of the company’s and customer data.

The claims have gained attention because of the reported size of the stolen data. However, no independent researcher has confirmed the breach.

The company has also not released any public statement confirming that an attack took place. For now, the alleged breach remains an unverified claim posted on an underground forum.

Threat Actor Claims to Hold Payment Records, Source Code, and API Keys

According to Dark Feed, the threat actor claims the stolen files contain a lot of sensitive information. These reportedly include payment card records, customer details, transaction records, API keys, source code, and other internal materials.

The threat actor’s message reads, “For almost a year, we had complete access to the company’s infrastructure. During that period, we collected more than 100TB of valuable information. They include payment card data, transaction records, source code, API keys, and many other important assets.”

The attacker also claimed the operation targeted one of Israel’s leading fintech companies. The threat actor went on to announce another step. An interactive website containing the alleged stolen data is expected to launch on July 21.

The targeting of Israeli firms has been a recurring theme, Israeli companies have also been reported to have developed tools to track and de-anonymize Starlink users. The actor suggested the portal would allow visitors to browse the information if the company fails to settle their demands.

This type of pressure has become common among cybercriminal groups. Many attackers now threaten to publish stolen information online to force companies into paying ransom or extortion demands. Whether that website will actually appear remains unknown.

Dark Feed also noted that the company’s share price fell sharply after news of the underground forum post. The timing quickly attracted attention. Even so, there is no evidence that ties the market movement to the alleged cyberattack. Stock prices often change for many reasons. Investor confidence, company earnings, world events, and wider market conditions can all affect trading.

So far, there is no official statement from the company or financial regulators. Therefore, any connection between the reported breach and the falling share price remains only speculation. The reported incident also reminds businesses why financial technology companies remain attractive targets for cybercriminals.

Fintech firms handle large amounts of payment data every day. They also store customer information, financial records, and valuable software that attackers may try to steal. As such, cybercriminals often target the industry through ransomware, data theft, and extortion campaigns.

Researchers regularly monitor underground forums because they can reveal attacks before companies announce them publicly. Still, experts also warn that criminals sometimes exaggerate their claims. Some threat actors inflate the amount of stolen data to gain attention.

Others make false claims to damage a company’s reputation or increase pressure during ransom negotiations. That is why security researchers always look for independent proof before confirming a breach. At this stage, no such confirmation is out.

Cybersecurity Community Watches for Proof as July 21 Approaches

The coming days could reveal whether the actor’s claims are genuine. If the promised data portal appears on July 21, researchers will likely examine the leaked files to determine whether they belong to the reported company. Otherwise, the claims could lose credibility.

The affected company may also release an official statement before then. Security researchers could also uncover technical evidence that either supports or disproves the attack. Until that happens, the reported incident should remain an allegation rather than a confirmed breach.

Even so, the case highlights how underground forums continue to serve as places where cybercriminals thrive. For businesses, it is another reminder that long-term intrusions can remain hidden for months before they come to light.

Attackers often spend that time collecting sensitive information instead of acting immediately. For customers, the incident shows why it is important to stay alert whenever breach reports emerge, especially when financial information may be involved.

As of publication, the alleged compromise remains unverified. The cybersecurity community is now watching closely for new evidence, an official company response, or the threat actor’s promised data release later this month.

Share this article

About the Author

Morgan Cipher

Morgan Cipher

Senior Privacy Journalist

Morgan combines a journalist’s curiosity with a security specialist’s precision. His reporting on data breaches, privacy laws, and encryption tech has been featured in several tech publications. At TorWire, he focuses on real-world threats and how to counter them, always with an eye on what’s next in digital privacy.

Comments (0)

No comments.