A reported cybersecurity incident involving Empower Group may have exposed the personal information of millions of individuals after a threat actor claimed to have stolen hundreds of gigabytes of company data.
According to reports published in April and May 2026, the ransomware group known as DragonForce alleged that it successfully infiltrated Empower Group’s systems and exfiltrated approximately 316 GB of information. Researchers later reported discovering an indexed database containing what appears to be data connected to the incident, including Social Security numbers, names, addresses, phone numbers, email addresses, and dates of birth.
If the reported figures are accurate, the breach could affect more than 6.6 million records, making it one of the largest publicly reported data exposures of 2026.
At the time of publication, Empower Group has not publicly confirmed the breach or disclosed the number of individuals who may have been affected.
What Happened?
Empower Group is a New York-based alternative financing provider that works with small and medium-sized businesses. The company offers funding solutions designed to help businesses access working capital and other financing products.
The alleged breach first became public on April 16, 2026, when DragonForce listed Empower Group on its data leak site. The group claimed responsibility for stealing approximately 316 GB of data from the company’s systems.
More than a month later, on May 26, 2026, a publicly accessible indexed database allegedly connected to the breach was reported online. Researchers examining the database indicated that it contained approximately 6,691,415 records.
While the authenticity and scope of the database have not been independently verified by Empower Group, the reported contents suggest that highly sensitive personal information may have been exposed.
What Information Was Allegedly Exposed?
According to reports analyzing the leaked database, the following categories of information may have been compromised:
- Social Security numbers
- Full names
- Home addresses
- Phone numbers
- Email addresses
- Dates of birth
The exposure of Social Security numbers significantly increases the potential risk to affected individuals. Unlike passwords, Social Security numbers generally cannot be changed and may be used by criminals for years after a breach occurs.
When combined with names, addresses, and dates of birth, exposed Social Security numbers can provide enough information for identity thieves to impersonate victims, open fraudulent accounts, or conduct targeted social engineering attacks.
Why This Breach Stands Out
Large-scale data breaches are unfortunately common, but incidents involving both Social Security numbers and millions of records remain particularly concerning.
Several factors make the reported Empower Group breach noteworthy:
Size of the Exposure
Researchers reported that the leaked database contained more than 6.6 million records. If confirmed, this would place the incident among the largest publicly disclosed breaches of 2026.
Financial Services Industry Target
Financial services organizations frequently store sensitive personal and business information, making them attractive targets for cybercriminal groups seeking valuable data.
Presence of Social Security Numbers
Social Security numbers remain one of the most sought-after forms of personal information in cybercrime markets due to their usefulness in identity theft and financial fraud schemes.
Ransomware-Linked Activity
The incident has been attributed to DragonForce, a ransomware and extortion group known for stealing information and using public leak sites to pressure organizations into paying ransom demands.
Potential Risks for Affected Individuals
Individuals whose information was included in the reported database could face several risks.
Identity theft remains one of the most significant concerns following the exposure of Social Security numbers. Criminals may attempt to use stolen information to apply for credit cards, obtain loans, create fraudulent accounts, or commit tax-related fraud.
The exposure of email addresses and phone numbers may also increase the likelihood of phishing attacks. Cybercriminals often use personal information obtained from data breaches to create convincing messages designed to trick victims into revealing additional credentials or financial information.
Because multiple categories of identifying information were reportedly exposed, affected individuals may remain at risk long after the initial breach occurred.
What Should Individuals Do?
Although Empower Group has not publicly confirmed the incident, individuals who believe they may be affected should consider taking precautionary measures.
Recommended actions include:
- Monitoring financial accounts for suspicious activity
- Reviewing credit reports regularly
- Considering a fraud alert or credit freeze
- Updating passwords on important accounts
- Enabling multi-factor authentication
- Remaining cautious of unexpected emails, texts, and phone calls
Early detection remains one of the most effective ways to limit the impact of identity theft and financial fraud.
Investigation Continues
As of late May 2026, questions remain regarding the full scope of the incident, the accuracy of the reported database, and the number of individuals potentially affected.
Empower Group has not publicly acknowledged the breach, and no official notification campaign has been announced.
Additional details may emerge as cybersecurity researchers, regulators, and affected parties continue to investigate the reported exposure.
For now, individuals connected to Empower Group should remain vigilant and monitor developments as more information becomes available.
Find a Data Breach Lawyer
