A company you’ve never heard of just made your SSN someone else’s property.
On March 3, 2026, hackers breached Woflow — an AI-powered merchant data and restaurant intelligence platform. The attackers: ShinyHunters, the same group responsible for the AT&T breach exposing 70 million records and the Ticketmaster hack that hit 560 million accounts. They don't do small jobs.
Woflow isn't a name you'd recognize on your credit card statement. That's the point. Data aggregators, merchant intelligence firms, and AI platforms sit in the background of the digital economy — collecting, storing, and processing information about people who never signed up with them directly. And when they get hit, the damage lands directly on your credit file.
Full legal names • Home addresses • Social Security numbers • Driver's license numbers • Financial account numbers • Credit card numbers and expiration dates • Date of birth. A class action lawsuit was filed shortly after the breach was disclosed. The litigation is active at ClassAction.org.
A class action was filed immediately after disclosure. Plaintiffs allege Woflow failed to implement adequate data security controls, failed to detect the intrusion in a timely manner, and failed to notify affected individuals quickly enough. If you were impacted, you may be entitled to damages — but right now, the most important thing is protecting your credit file before fraudsters act.
Why this breach is a direct credit threat
Most people think a data breach means someone charges something to their Amazon account. That's the minor version. When your SSN, financial account numbers, and credit card data are stolen together, criminals have everything they need to:
Open new credit lines in your name. A Social Security number plus a name, address, and date of birth is all a lender requires. New accounts you never opened will appear on your credit report, tank your score, and can take months — sometimes years — to remove through the dispute process.
Take over existing accounts. With your credit card numbers and financial account details, fraudsters can drain accounts, change billing addresses, and request limit increases that wreck your utilization ratio and score simultaneously.
Sell your profile on dark web markets. ShinyHunters doesn't use stolen data themselves — they sell it. Your complete identity package may already be circulating through underground forums, bought by multiple actors, each with different attack strategies.
"You don't need to know who Woflow is for this to be your problem. You just need to have ever eaten at a restaurant, ordered delivery, or used a merchant that used their platform."
The 5-step credit lockdown — do this today
Don't wait for a notification letter. Don't wait for a suspicious charge. By the time you see the damage on your credit report, the fraudster has already moved on to the next victim. Here's what to do right now:
-
1Freeze your credit at all three bureaus. Go directly to Experian.com, TransUnion.com, and Equifax.com. A credit freeze is free, instant, and prevents any new credit from being opened in your name — even if someone has your SSN. This is the single most effective identity theft protection tool that exists. Do it now, before you finish reading this article.
-
2Place a fraud alert. Filing a fraud alert at any one bureau legally requires all three to notify lenders to take extra verification steps before extending credit. It doesn't block new accounts like a freeze does, but it adds a layer. Call 1-888-EXPERIAN, 1-800-680-7289 (TransUnion), or 1-888-766-0008 (Equifax). One call reaches all three.
-
3Pull your free credit reports immediately. Go to AnnualCreditReport.com — the only federally authorized site. Download all three reports. Look for any accounts you don't recognize, hard inquiries you didn't authorize, or address changes you didn't make. Screenshot everything.
-
4Set up dark web monitoring. Services like Experian IdentityWorks, LifeLock, and Privacy Bee scan underground forums for your SSN and financial data. If your Woflow data is already being traded, you want to know before a new account shows up on your report — not after. Many banks and credit cards offer this free.
-
5Document everything for the class action. If you receive a breach notification from Woflow, save it. Screenshot the class action details at ClassAction.org/woflow. Keep a record of any suspicious charges, new accounts, or credit score drops after March 3, 2026. This documentation builds your case for potential compensation.
The invisible data economy — and why it keeps hitting you
Woflow isn't the first. It won't be the last. AT&T. Ticketmaster. Change Healthcare. National Public Data. MOVEit. Every few months, a company you've never heard of discloses that your most sensitive personal information was in their system — and now it isn't.
The problem isn't just hackers. It's a data economy built on hoarding. Hundreds of companies you've never directly interacted with have your SSN, financial data, and personal history — purchased from data brokers, scraped from public records, or aggregated from merchants you've transacted with. They store it because data is valuable. They protect it poorly because security is expensive. And when they get breached, you pay the price.
Under the Fair Credit Reporting Act, you have the right to dispute any inaccurate or fraudulent information on your credit report — and the bureaus must investigate within 30–45 days. If fraud-related accounts appear on your report after this breach, you can file a dispute AND a police report, which strengthens your FCRA position significantly. Victims of documented data breaches have stronger legal footing than standard dispute filers.
What ShinyHunters actually does with your data
Understanding the threat actor helps you understand the urgency. ShinyHunters is not a state-sponsored intelligence group. They are a financially motivated cybercriminal organization that operates on a simple business model: hack, package, and sell.
| Past ShinyHunters Target | Records Stolen | Data Type | Outcome |
|---|---|---|---|
| AT&T (2024) | 70 million | SSNs, account data | Sold on dark web |
| Ticketmaster (2024) | 560 million | Credit cards, PII | Listed for $500K |
| Santander Bank (2024) | 30 million | Account numbers, SSNs | Sold in segments |
| Woflow (2026) | Thousands+ | SSNs, CCs, financials | Class action active |
After a breach, stolen data typically moves through three phases: initial sale to high-bidder threat actors, secondary sale to automated fraud networks, and finally bulk sale to anyone willing to pay. The window between breach and first fraudulent account opening is often as short as 72 hours. That's why freezing your credit today — not next week — is the only move that actually protects you.
If errors appear on your report — here’s your next move
Freezing your credit prevents new fraud. But if fraudulent accounts already appeared between March 3 and when you're reading this, you need a dispute strategy — not just a freeze. The bureaus are required by law to investigate, but they are not required to make it easy for you.
Here's what actually works: dispute the fraudulent account in writing, attach a copy of your FTC identity theft report (identitytheft.gov), attach documentation of the Woflow breach notification, and send via certified mail with return receipt. This creates a paper trail that makes it significantly harder for bureaus to rubber-stamp a "verified" response without a real investigation.
Under FCRA Section 605B, victims of identity theft can request that consumer reporting agencies block information resulting from identity theft — not just dispute it. This is a stronger tool than a standard dispute. It permanently removes the fraudulent tradeline from your report rather than simply "investigating" it. It requires a police report and a signed statement, but it's faster and more effective than the standard dispute path.
Freeze it. Dispute it. Fix it.
ScoreBoost handles all three.
Whether you're responding to the Woflow breach or rebuilding from old errors, ScoreBoost walks you through every step — credit freezes, dispute letters, identity theft response, and score-building strategy. It's built for this exact situation.