Cegid — 74.000 IBANs leaked to the dark web
An actor published a dataset with IBANs, names, and emails extracted from Cegid (an ERP used by thousands of firms in Spain/France). The accounting firm has no mechanisms of its own to limit the exposure.
Source: Dataset published on a dark web forum
Data encrypted at rest (Neon AES-256), .p12 encrypted with a separate password in R2, no bulk IBAN export even to internal staff — only the owner downloads their data.