
    South African Fintech Adumo Investigates Alleged Source Code Leak


    Adumo, one of South Africa’s largest payment processors, is investigating claims that a threat actor has breached its network and stolen highly sensitive technical databases and source code.

    A post on a dark web hacking forum has listed the alleged haul for sale at R114,000 (roughly $6,000). The leak reportedly consists of 15,456 files totalling 14GB of data, posing a significant intellectual property and security challenge for the firm.

    According to the forum listing, the compromised data includes:

    • Multiple versions of virtual card application (VCA) installers.
    • Adumo’s core transaction processing environment.
    • Payment system components used to integrate with the retail management suite, DataSmith.
    • Specific card operation source code, including processes labelled “cardActivate,” “cardAllocate,” “cardDebit,” and “cardRefund.”
    • Complete source code detailing the functionality of Adumo’s physical card machines.
    • The company’s entire set of InnerEdge Docker images.

    When approached regarding the incident, Adumo confirmed it is actively looking into the matter but denied that its central network had been directly compromised.

    “Adumo is aware of information circulating online and is conducting an internal investigation to verify its source and scope,” company representatives stated. “No internal systems have been compromised, and our investigation, at this stage, points to an external system that was previously used to share files with integration partners.”

    The company maintains that the sale of this material “does not impact Adumo’s business operations” and that no direct customer data has been exposed.

    Adumo is a critical fixture in the South African financial technology landscape. In 2024, the company was acquired by the Nasdaq-listed South African fintech Lesaka Technologies for $96.2m (R1.67bn). The acquisition was structured to allow Adumo to scale its payment processing across Lesaka’s broader business operations and integrate its technologies. While Adumo reports no operational downtime, a leak of foundational code raises questions about the security of these wider integrated systems.

    While customer data may remain secure, cybersecurity experts warn that the public exposure of source code — even code routinely shared with integration partners — carries severe long-term risks.

    Cloud security firm Wiz notes that source code leaks frequently lead “to severe security vulnerabilities and intellectual property theft.”

    “For instance, unverified container images from public registries can introduce malicious code into an organisation’s software supply chain, exposing critical vulnerabilities,” the firm stated.

    Wiz highlighted that such exposures allow hackers to map out a system’s architecture, uncovering and exploiting zero-day vulnerabilities that would otherwise remain hidden. A prominent historical parallel is the May 2020 leak of Microsoft’s Windows 10 source code, which triggered immediate industry-wide security alerts due to the risk of hackers reverse-engineering the operating system.

    For a payment processor, the stakes are elevated. Cybercriminals employ various methods to steal source code, most commonly through phishing and social engineering tactics targeting employees. Access to transaction processing environments and card operation mechanics allows these actors to study the architecture offline. For an upfront cost of R114,000, buyers can reverse-engineer the technology to design highly sophisticated, targeted attacks against the processor’s infrastructure or its integrated retail partners.

    The alleged Adumo incident arrives amid a sharp increase in severe cyberattacks targeting the South African financial sector.

    Just days prior, in mid-April 2026, reports emerged that a threat actor known as “ROOTBOY” breached Standard Bank, South Africa’s largest lender by assets. The attacker reportedly spent over three weeks exfiltrating data from the bank’s internal systems undetected, resulting in the theft of 1.2TB of company and client information.

    While Standard Bank confirmed that its core operating and transactional banking systems remained secure and unaccessed, the breach compromised administrative data and a limited set of client credit card information — excluding CVV numbers — which was subsequently published online.

    “During this period, we continue to work tirelessly to engage with our clients who have been impacted,” Standard Bank stated regarding its ongoing response. “This will continue while we make meaningful progress in our investigations into the incident.”

    The back-to-back incidents at major institutions like Standard Bank and Adumo underscore a critical vulnerability in the region’s financial supply chain. As fintech integrations deepen following major M&A activity, securing both internal networks and partner-facing external systems is proving to be an increasingly complex challenge for the industry.
