Welcome to this week’s edition of ONSEC Fintech Cyber Weekly, brought to you by the ONSEC team. From India to Canada, and from Brazil to Germany, the past week showcased how fintech continues to expand globally while grappling with intensifying cyber and regulatory challenges. On one side, we saw major product launches, international expansions, and even traditional banking giants like JPMorgan deepening their digital ambitions. On the other, cyber threats, insider misuse, and shifting regulatory regimes—from Brazil’s central bank tightening oversight to Singapore’s warnings on advanced ransomware—reminded us that resilience is now core to fintech growth. Here’s what you need to know.
Trends & Regulation
- Surge in cyber insurance uptake among fintechs & NBFCs — Sept 10, 2025 – Rising cyber threats have pushed cooperative banks, small finance banks, NBFCs, and fintech startups to significantly increase their demand for cyber insurance—previously dominated by large tech firms. The Economic Times
- CFPB sues Synapse over deceptive practices — Sept 4, 2025 – The U.S. regulator filed a lawsuit against bankrupt fintech Synapse over allegedly unfair and deceptive acts in how it handled customer deposits via middleware accounts—highlighting risks in behind-the-scenes fintech operations. Cadwalader
- MAS issues prohibition for unauthorized data access and warns of new EDR-killer ransomware tool — Early Sept 2025 – Singapore’s Monetary Authority has prohibited three individuals for misusing access to bank customer information, while Singapore’s cybersecurity agency issued a warning about a new ransomware tool capable of disabling endpoint detection systems. Linklaters
- Brazil Central Bank Tightens Fintech Oversight — Sept 5, 2025 – In response to rising cyberattacks, Brazil’s central bank introduced caps on digital cash transfers through unverified payment institutions, limiting individual transfers to 15,000 reais (~$2,800). Institutions must also obtain central-bank approval by May 2026 (moved up from December 2029) to continue operating—part of a broader drive to curb illicit activity and bolster system security. Reuters
Security & Cyber Threat
- Hack attempt on Brazilian fintech Sinqia – $130M target — Sept 4, 2025 – Hackers targeted Sinqia S.A., a Brazilian subsidiary of Evertec, in a daring cyber-heist attempt aiming to steal $130 million. The attack underscores escalating cyber risk across fintech infrastructure globally. Fintech Review
- Wealthsimple discloses data breach – Up to 30,000 users affected — Sept 8, 2025 – Canadian fintech Wealthsimple reported that less than 1% of its three million users—up to 30,000—had personal data exposed from a compromised third-party software package. No passwords or funds were accessed, but sensitive information including contact data, SINs, birthdates, and financial details were exposed. Affected clients have been offered two years of free credit, dark web monitoring, and identity protection; law enforcement and regulators have also been notified. TechRadar
- Insight Partners breach – Staff and LPs notified — Sept 8, 2025 – Venture firm Insight Partners confirmed that a social engineering attack earlier this year compromised personal data of staff and limited partners. The firm completed its internal review in August and is now notifying affected individuals. TechCrunch
- SwissBorg Suffers Major Crypto Breach via Partner API — Sept 9, 2025 – Crypto wealth management platform SwissBorg confirmed an exploit in a partner API led to the loss of nearly 192,600 SOL (~$5 million). Although its main app and other funds were not impacted, the company is deploying its SOL Treasury to reimburse users and collaborating with white-hat hackers and security partners to recover the remaining funds. The Paypers
Product & Platform Launches
- BharatPe & Unity Bank launch co-branded credit card – India-focused consumer credit — September 3, 2025 – BharatPe partnered with Unity Small Finance Bank to introduce the “BharatPe Unity Bank Credit Card,” aimed at serving salaried and self-employed individuals in India. The card launch comes alongside BharatPe’s Resilient Payments gaining an online payment aggregator licence and plans to launch the BharatPe X platform. The Paypers.
- Percent introduces SMA program – Private credit access for RIAs — September 10, 2025 – Private credit fintech Percent unveiled a new separately managed account (SMA) product that invests in alternative asset-backed, non-bank loans under $25 million. The offering includes a white-label option for RIAs, with projected risk-adjusted returns in the low double digits to mid-teens. Wealth Management.
- Toss plans global expansion starting in Australia & drafts Won-based stablecoin — September 9, 2025 – South Korean fintech Toss unveiled plans to expand globally, beginning with launching its super-app in Australia by the end of 2025. Toss is also preparing to issue a South Korean won-backed stablecoin, pending regulatory approval, and is eyeing a U.S. IPO by Q2 2026 with a potential valuation exceeding $10 billion. Reuters.
- Brex pushes into Europe – Gearing for IPO and profitability — (Contextual launch of service territory expansion) [September 2025] – Corporate card and expense management fintech Brex received a European operational license, enabling it to serve businesses in Europe. The expansion supports its path to profitability and prepares it for an impending IPO. Financial Times.
- JPMorgan to launch digital retail bank in Germany in 2026 — September 4, 2025 – PMorgan Chase revealed plans to launch Chase digital retail banking in Germany in Q2 2026, marking its second European market after the UK. The move signals its ambitions in continental digital banking. Source: Reuters. Reuters
- Inverite integrates Xcash into its Open Banking AI platform — September 8, 2025 – AI-driven fintech Inverite announced integration with Xcash Financial Services into its Open Banking AI platform. This enhancement will optimize credit decisioning with real-time financial insights for approximately 50,000 Canadian customers, improving digital lending experiences. Source: The Paypers. The Paypers
This week underscored three major themes. First, fintech growth remains relentless, with launches ranging from BharatPe’s co-branded credit card to Toss’s global expansion plans and JPMorgan’s next European push. Second, cyber threats are escalating, highlighted by breaches at Wealthsimple, Insight Partners, and SwissBorg, alongside a $130M heist attempt in Brazil. Third, regulators are stepping up enforcement and oversight, from the CFPB’s action against Synapse to Brazil’s tighter rules and Singapore’s crackdowns on insider abuse.
For fintech leaders, the lesson is clear: the path forward demands balancing aggressive innovation with robust security and regulatory alignment. The firms that succeed will be those that treat trust and resilience as competitive advantages, not afterthoughts.
Fintech Weekly Digest: 9/10 – Wealthsimple Breach; VC Cyber Alert; Cyber-Insurance SurgeBook a call with Onsec
Fintech Cyber Weekly 
Leave a comment