Interbank discloses data breach, allegedly over 3 million customers affected
Interbank, one of the biggest financial institutions of Peru, has confirmed it suffered a data breach. The threat actor responsible claims to have stolen personal data from over 3 million customers.
“We have identified that some data of a group of clients has been exposed by a third party without our authorization. In response to this situation, we immediately deployed additional security measures to safeguard our customers’ operations and information,” Interbank says in a statement on X.
The Peruvian bank reassures its clients their deposits and all their financial products are safe. Furthermore, the bank emphasizes that most of its services are fully operational, despite what some users claim on X.
“As soon as we have completed our comprehensive review, we will reestablish operations of the rest of our services,” Interbank concludes.
Although Interbank doesn’t disclose what information has been stolen, a threat actor called ‘kzoldyck’ claims to have exfiltrated personally identifiable information from more than 3 million customers.
He allegedly was able to get his hands on full names, account IDs, dates of birth, addresses, phone numbers, email addresses, and IP addresses.
In addition, he says he was able to download financial information, including credit card numbers, CVV numbers, credit card expiry dates, and info on bank transactions.
Lastly, ‘kzoldyck’ states he’s in possession of ‘other sensitive information’, such as plaintext credentials, internal API credentials, LDAP, Azure credentials, and so on.
“More than 3 million customers' info and in addition to the data I have uploaded here, I also have clear usernames and password information for customers, which allows access to bank accounts from Peru IP block (Restricted to biometric photo validation for some of them),” the threat actor says on a hacking forum on the dark web.
Supposedly, he stole over 3.7 TB of personal information and started bargaining over a ransom demand two weeks ago. Interbank however decided not to pay.
Your email address will not be published. Required fields are marked