230,000 Australian driver licences exposed in ransomware attack on vehicle finance firm

Approximately 229,226 Australian driver licences have reportedly been exposed by hackers who breached security at YouX, a popular software platform used by automakers and dealers for new-vehicle finance.

Sydney-based YouX – previously known as Drive IQ – says on its site it works with “87 per cent of Australia’s OEM [Original Equipment Manufacturer] branded lenders” to provide its software for vehicle financing, including application and approval processes.

According to Broker Daily, hackers claimed to have accessed more than 8000 password hashes to the platform earlier this month, exposing highly sensitive personal information connected to 444,538 individuals.

This reportedly includes 229,226 driver licence numbers, as well as names, phone numbers, email addresses, home addresses, financial records and loan applications.

CarExpert can save you thousands on a new car. Click here to get a great deal.

The 141GB of stolen data reportedly includes 629,597 loan applications, Australian Business Numbers (ABNs), staff directories and “full customer portfolios”.

“We are aware that a threat actor [attacker] has published data online containing information it claims to have taken from YouX’s systems,” said a statement from the firm last updated on February 23, 2026.

“We have reviewed this information and confirm that personal information has been accessed and downloaded by the threat actor. We are responding to this development, and we will continue to update all our stakeholders.”

The data is reportedly being used to hold YouX to ransom, with payment demanded to prevent it being offered for sale.

A report from Information Age said the hackers claimed the ransom has been paid, however YouX hasn’t confirmed if this is true.

Tech site Cyberdaily.com.au has reported, “A good portion of the data has already been shared on a popular hacking forum, and the hacker is threatening to publish more stolen data in the coming weeks.”

The Broker Daily website quoted Liam Garman, co-host of the Finance Specialist podcast, saying: “What we have online now, potentially up for grabs, is a treasure trove of data.”

“This can really paint a picture about where you are in your life financially, also your personal information which allows threat actors to create quite sophisticated phishing campaigns to vulnerable Aussies.”

YouX has provided a support page and email address for concerned customers who may have been impacted by the cyberattack.

It has also said it continues to update the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC) on the situation, which dates back to February 9, 2026.