What happened
In July 2024 the mortgage broker and peer-to-peer lender Squirrel disclosed a security incident exposing the details of up to 600 investors — names, dates of birth, and passport or driver-licence ID numbers retained by a third-party identity-verification system used in onboarding [sq-rnz], [sq-zb]. Squirrel said no account or financial data was exposed.
Current status
Disclosed. Squirrel notified affected investors; an overseas attacker was suspected [sq-zb]. The figure of up to 600 is the company’s own.
Why it matters
Identity numbers are exactly what enables impersonation fraud, and the incident shows how a third-party onboarding tool can become the exposure point rather than a lender’s own systems.