Egyptian Fintech Company Aman Suffers Massive Breach: 115,000 KYC Records and Biometric Data Exposed

One of Egypt’s largest financial technology firms, Aman Holding, has reportedly suffered a severe data breach that exposed sensitive Know Your Customer (KYC) data from more than 115,000 users. The exposed information includes National ID numbers, facial recognition images, and hundreds of other personal and financial details. Even more alarming, the attacker claims to still have live access to Aman’s production database, allowing them to collect new records in real time.

Details of the Breach

On November 1, 2025, a post appeared on a dark web forum advertising what the attacker described as a complete, live database dump from Aman. The seller claimed that the company’s systems remain compromised and that new customer data is added to the stolen dataset daily. Aman is a major Egyptian fintech platform offering payment, e-commerce, and lending services, making this breach one of the most damaging financial data exposures in Egypt’s recent history.

  • Source: Aman Holding (aman.eg)
  • Type of Breach: Active, ongoing data exfiltration
  • Records Affected: More than 115,000 users and counting
  • Data Contents: National ID numbers, facial photos, financial information, and 516 database columns of personal data

The post indicated that the attacker obtained Aman’s master customer database. This database reportedly contains every piece of data used for identity verification, lending approval, and financial tracking. The breach is considered “live” because new entries continue to appear as additional users sign up for Aman’s services.

The Data Exposed

The stolen data reportedly contains 516 unique columns per record, making it one of the most detailed customer databases ever leaked in the region. Researchers examining samples of the data confirmed the inclusion of the following information:

  • National ID numbers (official Egyptian identifiers)
  • High-resolution facial photographs used for KYC verification
  • Full names, contact details, and home addresses
  • Transaction and payment history
  • Installment and credit information
  • Account verification and status data

These details represent a complete identity profile. When combined, National ID numbers and face photos allow attackers to impersonate victims in person and online, easily bypassing verification systems used by banks, telecom providers, and fintech companies across Egypt.

A Growing Financial and Security Crisis

Experts are calling this a national-scale cybersecurity incident. The breach not only impacts thousands of customers but also threatens the broader financial ecosystem that depends on biometric verification and digital identity. Because the attacker claims persistent access, this is more than a one-time leak. It is an ongoing compromise where new data is being stolen every day.

With full KYC data in hand, cybercriminals can engage in several forms of high-impact fraud, including:

  • Identity Theft: Opening new bank or credit accounts under a victim’s name using their National ID and face photo.
  • Loan Fraud: Applying for personal loans or installment plans in the victim’s name, then disappearing before repayment.
  • KYC Bypass: Using stolen face images to verify accounts on other financial platforms, including cryptocurrency exchanges.
  • Targeted Phishing: Crafting realistic social engineering messages that appear legitimate by including verified user data.

Regulatory Implications and National Impact

This breach violates Egypt’s Personal Data Protection Law (PDPL), which governs how sensitive data such as biometric and financial information must be stored and protected. Under the PDPL, Aman is required to report the breach to the Data Protection Centre (DPC) and the Central Bank of Egypt (CBE). Failure to comply can lead to significant penalties and legal action.

Because the attacker appears to have continuous access, this is not only a data protection failure but also a live cybersecurity threat that requires immediate containment. If the breach remains unmitigated, it could undermine confidence in Egypt’s growing digital financial services sector and expose additional institutions through interconnected payment systems.

Recommended Actions for Aman

Security experts emphasize that Aman must act quickly to contain the attack and safeguard user data. The following steps are considered critical:

  • Activate Incident Response Protocols: Engage a professional digital forensics and incident response (DFIR) team to identify how the attacker gained access.
  • Remove Persistence: Locate and eliminate any backdoors or compromised administrator credentials to prevent further data extraction.
  • Rotate All Credentials: Change all passwords, database keys, and service tokens across the organization.
  • Regulatory Compliance: File mandatory breach notifications with the DPC and CBE in accordance with PDPL requirements.
  • Customer Notification: Inform all affected users via SMS and email that their National ID, biometric data, and financial records have been exposed.

Aman must also consider temporarily disabling certain services until investigators confirm that its infrastructure is secure. Given the nature of the data involved, full transparency is critical to preventing further damage and restoring public trust.

What Affected Customers Should Do

If you are an Aman customer, you should assume that your data has been exposed and take immediate steps to protect yourself from financial fraud and identity theft. Recommended actions include:

  • Contact Your Bank: Notify your bank about the breach and request enhanced monitoring or a fraud alert linked to your National ID.
  • Monitor Transactions: Check your financial accounts frequently for unauthorized charges or loan applications you did not initiate.
  • Watch for Scams: Be cautious of any phone calls or messages that reference your ID number, financial details, or KYC verification. These are likely phishing attempts.
  • Use Cybersecurity Tools: Install reputable anti-malware software such as Malwarebytes with real-time identity theft and web protection features to detect credential-stealing malware or fake banking applications.
  • Secure Your Personal Data: Avoid sharing personal information online and be alert to any unusual activity involving your National ID or face image.

This event demonstrates the urgent need for financial institutions to adopt modern cybersecurity measures and continuous monitoring to protect their users. Fintech companies like Aman handle highly sensitive personal data that, if exposed, can have long-term consequences for both individuals and national infrastructure. Every additional day that this breach remains active increases the risk for Egyptian citizens and the broader financial ecosystem.

Sean Doyle

Sean is a tech author and security researcher with more than 20 years of experience in cybersecurity, privacy, malware analysis, analytics, and online marketing. He focuses on clear reporting, deep technical investigation, and practical guidance that helps readers stay safe in a fast-moving digital landscape. His work continues to appear in respected publications, including articles written for Private Internet Access. Through Botcrawl and his ongoing cybersecurity coverage, Sean provides trusted insights on data breaches, malware threats, and online safety for individuals and businesses worldwide.
