Alleged Leak Exposes 2 Million Chinese Loan Customer Records on Telegram

A database allegedly containing approximately two million records belonging to customers of an unnamed Chinese bank has surfaced on a Telegram channel, raising concerns about the exposure of highly sensitive personal and financial information.

According to information shared by ThreatMon, the dataset was reportedly posted on June 19, 2026, by a Telegram user operating under the handle “@hongmenxing.” The alleged leak contains extensive personally identifiable information (PII) alongside detailed financial data belonging to loan customers.

The affected financial institution has not been publicly identified, and no official statement has yet been issued regarding the incident. The authenticity of the leaked database also remains independently unverified.

However, cybersecurity experts say the nature of the allegedly exposed information could create significant risks if the data proves genuine.

Financial Profiles and National IDs Exposed

According to the leak description, the database contains numerous sensitive fields, including:

• Full names
• Gender information
• Mobile phone numbers
• Dates of birth
• Chinese national ID card numbers
• Residential addresses
• Education levels
• Monthly income data
• Debt repayment amounts
• Mortgage information
• Marital status

Security researchers note that the combination of financial information with government-issued identification numbers significantly increases the potential impact of a data exposure.

Chinese identity card numbers serve as a primary means of authentication across numerous financial, government, telecommunications, and online services. Unlike passwords, compromised identifiers are difficult to replace.

“The exposure of both financial and identity information creates a highly valuable package for cybercriminals,” researchers frequently warn in large-scale data breach investigations.

Risks of Fraud and Social Engineering

The alleged leak may provide threat actors with enough information to conduct targeted phishing campaigns, financial fraud, identity theft, and social engineering attacks.

Criminals often use detailed financial information to make fraudulent communications appear legitimate. Victims may receive convincing phone calls, text messages, or emails referencing their actual income levels, mortgage information, or loan obligations.

The inclusion of monthly debt repayments and income data could also allow attackers to identify financially vulnerable individuals.

Threat intelligence reports have increasingly highlighted Telegram as a distribution platform for stolen data and cybercriminal marketplaces. Researchers have documented the use of Telegram channels to advertise databases, credentials, financial records, and unauthorized access to corporate systems.

China’s Growing Data Exposure Problem

China has experienced several large-scale data exposures in recent years, with researchers repeatedly identifying massive collections of personal and financial information appearing online.

Analysts from multiple threat intelligence organizations have noted that Chinese-language cybercriminal ecosystems often focus heavily on collecting, aggregating, and monetizing personal data. Criminals may use these datasets for fraud, profiling, phishing, and other cybercrimes.

Security researchers have also warned that centralized databases containing extensive financial and behavioral information create particularly attractive targets for attackers.

As one recent analysis noted, large-scale datasets can become “intelligence goldmines” capable of enabling identity correlation, behavioral profiling, and long-term exploitation efforts. Despite the serious claims, researchers urge caution when evaluating underground leak posts.

Cybercriminal actors sometimes exaggerate record counts, recycle older data, or misrepresent the origin of datasets to increase their perceived value. Without independent validation, the full scope and authenticity of the alleged breach remain unclear.

The same caution applies to other massive breach claims, including a recent Telegram data breach claim that emerged online, where authenticity similarly remains to be verified.

If confirmed, however, the incident could represent one of the more significant financial data exposures reported in China this year.

Security experts advise individuals who may be affected to closely monitor financial accounts, remain cautious of unexpected communications, verify requests for personal information, and watch for signs of identity misuse.

The alleged breach serves as another reminder that financial institutions continue to face growing challenges in protecting large-scale repositories of customer data from theft, unauthorized access, and eventual distribution through criminal channels.