19th February 2026 Cyber Update: youX Breach Exposes 444,000 Australians

Cyber News Centre's cyber update for 19th February 2026: Sydney-based fintech platform youX has confirmed a catastrophic data breach, exposing the highly sensitive personal and financial information of 444,538 Australian borrowers.

youX is a Sydney-based asset finance technology company that provides a platform for thousands of finance brokers and over 90 lenders, including major Australian banks. The platform is used to manage, assess, and submit loan applications, connecting borrowers with a wide network of financial institutions.

The Update and Why It Matters

Update: Sydney-based fintech youX has confirmed a massive data breach after a threat actor gained unauthorised access to an unsecured MongoDB Atlas cluster, exfiltrating 141GB of highly sensitive data.

The breach, which the company became aware of last week, impacts 444,538 unique Australian borrowers, with the compromised database reportedly left exposed for at least 10 months. The stolen data includes the personal and financial details of borrowers, such as income, debts, government IDs, and home addresses.

The hacker claims to have obtained 629,597 loan applications, 229,236 Australian driver's licences, and 607,822 residential addresses. The threat actor has released a preview of the data, including $3.7 billion in loan applications, and is threatening to release the full dataset in stages if a ransom is not paid. youX has notified the Office of the Australian Information Commissioner (OAIC) and is in the process of notifying affected individuals.

The company has engaged external cybersecurity experts to investigate the incident and has implemented additional security controls and enhanced monitoring across its systems. The breach also affects 797 broker organisations and over 90 downstream lenders.

Why it Matters: This breach represents a significant threat to the financial security of hundreds of thousands of Australians. The sheer volume and sensitivity of the stolen data—including driver's licences, financial details, and personal identifiers—create a perfect storm for widespread identity theft, sophisticated phishing attacks, and financial fraud.

The exposure of data from over 90 lenders, including major banks, highlights the systemic risk inherent in the interconnected financial ecosystem. For the 797 affected broker organisations, the breach is a major blow to client trust and operational integrity. The incident serves as a stark reminder of the critical importance of securing third-party platforms and the devastating consequences of long-term data exposure.

Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.