Chaos ransomware gang claims attack and data theft of ThinkMarkets

Chaos ransomware group claims a breach of Melbourne-headquartered online brokerage ThinkMarkets. The attack was claimed on December 8, 2025 on the Chaos dark web site. 

The hackers claim to have stolen and published 512 gigabytes of company data online. Multiple observers report that the published data appears legitimate. The breach potentially compromises both employee and customer information across ThinkMarkets' global operations, which span the Middle East, South Africa, Europe, and the United States.

The stolen information allegedly includes:

• Human resources records and employee passport scans
• Know-your-customer (KYC) records of clients
• Customer dispute details
• Legal advice and correspondence
• Company policies and procedures
• Trading information and financial data

The number of affected individuals has not been disclosed. ThinkMarkets has not commented on the claims and has not responded to media requests for comment.

Customers are advised to monitor their financial accounts closely, enable multi-factor authentication on all trading accounts, and watch for suspicious emails or communications claiming to be from ThinkMarkets.