TL;DR:
Sumsub identified a security incident in early 2026 involving unauthorized activity that originated from an external threat actor who submitted a malicious attachment through a third-party support ticketing platform in July 2024. […] While the company confirmed that identity document images and bank details remained secure, the exposed data included names, email addresses, and phone numbers for a specific subset of accounts.
The discovery of this intrusion occurred retrospectively during a routine security review, leading to immediate incident response and direct notification to all affected customers through their support manager - FIN CRIME CENTRAL
Sumsub is “trusted third party” that verifies the identity of millions of internet users via banks, fintech, crypto, gambling…
Unfortunately, I can’t find any mainstream English news sources reporting on this issue. The only recognizable English source reporting on it is Sumsub’s own blog post, which, of course, is biased.