Update – 02/03: 4,928 US residents are now confirmed to have been impacted in this breach.
Payday loan company Money Mart over the weekend began notifying victims of a November 2025 data breach that compromised names and Social Security numbers.
Money Mart said hackers broke into a third-party application and stole personal data held by the company. It did not name the application.
A ransomware group called Everest took credit for the breach shortly after it happened. On its data leak site, Everest said it stole 80,000 files including including the personal info of people in the US and Canada and employee-related documents.
Money Mart has not verified Everest’s claim. We do not know how many people the company notified, if Money Mart paid a ransom, how much Everest demanded, or how attackers breached Money Mart’s network. Comparitech contacted Money Mart for comment and will update this article if it replies.
“In early December 2025, we learned that an unauthorized third party gained access to certain files contained in a third-party application,” says Money Mart’s notice (PDF) to victims.
“Although the forensic investigation is ongoing, we have reason to believe that certain personal information in our possession was accessed and acquired by the unauthorized third party.”
Money Mart is offering victims 12 months of complimentary credit monitoring through TransUnion. The deadline to enroll is April 30, 2026.
Who is Everest?
Active since 2020, Everest is a ransomware gang and initial access broker. Its victims include NASA, the Brazilian government, and multiple hospitals and clinics. The group went quite in 2022 and 2023 but resurfaced in 2024.
In 2025, Everest took credit for 11 confirmed ransomware attacks across a wide swathe of industries. They include breaches at Collins Aerospace, which disrupted several European airports, and Dublin Airport, from which it reportedly stole 1.5 million passenger records.
Money Mart is the second finance company targeted by Everest. In June 2025, it claimed to hack New American Funding and steal 350 GB of data.
Everest claimed responsibility for another 73 unconfirmed attacks in 2025 that weren’t publicly acknowledged by the targeted organizations.
Ransomware attacks on US finance
Comparitech researchers logged 50 confirmed ransomware attacks on US financial companies in 2025, compromising more than 700,000 records.
The largest such attacks include:
- Wakefield & Associates notified 371,577 people of a January 2025 data breach claimed by Akira
- CRC Group notified 60,727 people of a February 2025 data breach claimed by LeakedData
This year, First Federal Savings & Loan Association of Pascagoula Moss Point started issuing data breach notices for a data breach that occurred in February 2025. Play Ransomware took credit for that attack.
Ransomware attacks on US financial firms can lock down computer systems and steal data. The attackers then demand a ransom in exchange for deleting the data and a key to restore infected systems. If the firm refuses, it faces extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About Money Mart
Formerly Dollar Financial Group, Money Mart is a financial service offering cash advance and installment loans. It’s a brand of Momentum Financial Services Group, which also owns The Check Cashing Store and Centz. Momentum says it served 1.6 million customers in 2025, employs more than 2,000 people, and operates more than 420 branches across North America.
