Money Mart, a financial services company that provides check cashing and short-term loans across the United States and Canada, has been listed as the victim of a ransomware attack by a criminal group known as Everest. The group claims to have stolen more than 80,000 internal files from the company. According to the sample published on its leak site, the attackers say the data includes customer information, financial records and employee details.
According to reports, the sample appears to contain full names, addresses, dates of birth, driver’s licence numbers, email addresses and credit card information. The dataset also reportedly contains account credit limits, transaction records, payment histories and transfer account numbers that include partial financial information.
The attackers also claim to have obtained internal company documents. These include employee records such as job titles, employment history, work email addresses and internal identification codes. Some files appear to show information relating to employment status and internal communication logs. The samples published by the attackers have not been independently verified, and Money Mart has not publicly confirmed the incident.
Everest has threatened to make the full dataset publicly available if Money Mart does not contact them by 30 November 2025. The group often uses deadlines to pressure victims into making contact or agreeing to ransom negotiations. The notification suggests that if no communication occurs by the deadline, the stolen data will be released or sold on criminal marketplaces.
Money Mart operates hundreds of branches that offer payday loans, currency exchange, money transfers and prepaid debit cards. Because these services involve large volumes of sensitive information, the company manages substantial amounts of personally identifiable data. Security analysts warn that the alleged breach could place affected customers at risk of identity theft and financial fraud. Exposure of bank account details, payment card data and personal identifiers may lead to unauthorized transactions or misuse of stolen credentials. Employees whose records were exposed could also face risks if personal information is reused for fraudulent activity.
Users who have made transactions with Money Mart are advised to monitor their bank and payment accounts for signs of suspicious activity. Security specialists recommend requesting replacement cards if necessary, enabling transaction alerts and checking credit reports for unexpected enquiries or new accounts. They also advise against reusing any passwords associated with the compromised service and suggest enabling stronger authentication methods where possible.
If the data is fully released, Money Mart may face regulatory investigation and possible legal action. Financial service providers are required to safeguard personal information, and regulators may review whether the company’s security controls meet required standards. A significant breach could lead to fines and compensation claims if customers can show that inadequate protection contributed to the exposure.
The incident highlights the continued targeting of alternative financial services by criminal groups. Analysts note that although large banks have invested heavily in defensive tools, smaller or specialized financial providers may not have the same level of protection. As a result, ransomware groups increasingly focus on firms that manage sensitive financial information but may lack advanced security infrastructure. The alleged breach at Money Mart illustrates the importance of strong cybersecurity programs and regular testing of defences, especially within businesses that store high volumes of personal and financial data.