Chime Faces Lawsuits After Alleged Iran-Linked Cyberattack

Severity: Medium (Score: 58.0)

Sources: news.bgov.com, hawk-eye.io, Americanbanker

Summary

On April 1, 2026, Chime Financial's mobile app experienced a significant outage attributed to a cyberattack by the pro-Iranian hacker group Team 313. Customers reported being unable to access their accounts, leading to concerns over potential data theft. Three proposed class action lawsuits have been filed in the U.S. District Court for the Northern District of California, alleging that Team 313 breached Chime's systems and stole sensitive personal information, including Social Security numbers and government-issued IDs. Chime has publicly stated that no data was stolen during the incident. Despite the claims, no evidence of a breach has been presented beyond existing public knowledge. The outage resulted in over 6,600 user reports on DownDetector, indicating widespread impact. As of May 4, 2026, Chime has not filed a material cybersecurity incident notice with the SEC, raising questions about the company's assessment of the incident's severity. Customers have expressed frustration and anxiety over the lack of access and potential data compromise.

Key Points:

  • Chime Financial's app outage on April 1, 2026, was linked to a cyberattack by Team 313.
  • Three lawsuits allege that sensitive customer data was compromised, despite Chime's denials.
  • Chime has not filed a cybersecurity incident notice with the SEC as of May 4, 2026.

Key Entities

  • 313 Team Hacking Team (apt_group)
  • Banished Kitten (apt_group)
  • Storm-0842 (apt_group)
  • Team 313 (apt_group)
  • Void Manticore (apt_group)
  • DDoS (attack_type)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Great Epic (campaign)
  • 313 Team Corporation (company)
  • Chime (company)
  • Pinterest (company)
  • Iran (country)
  • Iraq (country)
  • Ireland (country)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-79 - Cross-site Scripting (XSS) (cwe)
  • CWE-89 - SQL Injection (cwe)
  • checkhost.net (domain)
  • Financial (industry)
  • Manufacturing (industry)
  • T1027 - Obfuscated Files or Information (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1059.003 - Windows Command Shell (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • T1485 - Data Destruction (mitre_attack)
  • Microsoft Entra (platform)
  • Microsoft Intune (platform)
  • Telegram (platform)
  • GitHub (platform)
  • Mega (platform)
  • AutoIt (tool)
  • HackBar (tool)
  • Storj (tool)