Peruvian Financial Giant Suffers Major Data Leak After Extortion Attempt Fails
Interbank, a leading financial institution in Peru, has confirmed a significant data breach following a failed extortion attempt by a threat actor. The breach resulted in the leak of sensitive customer data, which is now being sold on hacking forums. This incident highlights the increasing threat of cyberattacks targeting financial institutions and the vulnerabilities of even well-established banks.
The Interbank Data Breach: Details of the Attack
The threat actor, identified by the handle “kzoldyck,” claims to have stolen a vast amount of data from Interbank’s systems. This data allegedly includes the full names, account IDs, birth dates, addresses, phone numbers, email addresses, and IP addresses of over 3 million customers. Even more alarmingly, the actor claims to possess credit card details, including CVV numbers and expiry dates, information on bank transactions, and plaintext credentials. The sheer volume of stolen data, estimated at over 3.7 TB, underscores the severity of the breach.
Stolen Interbank data up for sale
Source: BleepingComputer
The actor boasted, “More than 3 million customers’ info and in addition to the data I have uploaded here, I also have clear usernames and password information for customers, which allows access to bank accounts from Peru IP block (Restricted to biometric photo validation for some of them),” showcasing the potential for significant financial and identity theft. The actor also claims to have obtained “internal API credentials, LDAP, Azure credentials and so on,” revealing a deep penetration into Interbank’s infrastructure.
Interbank acknowledged the Interbank data breach in a statement, confirming that some customer data had been exposed by a third party without authorization. The bank stated that it immediately implemented additional security measures to protect its operations and client information. While the bank’s mobile app and online platforms experienced outages—reportedly coinciding with a separate outage two weeks prior—Interbank assures customers that most services are now restored and that client deposits remain secure.
“We want to assure our clients that Interbank guarantees the security of your deposits and all your financial products. Most of our channels are operating. As soon as we complete the exhaustive review, we will reestablish operations in the rest of our channels,” the bank stated.
However, the exact number of affected customers remains undisclosed.
The Failed Extortion Attempt and the Aftermath of the Interbank Data Breach
The threat actor revealed that negotiations with Interbank’s management began two weeks before the data leak. However, the extortion attempt failed when the bank refused to pay the ransom. This decision, while commendable from a security standpoint, resulted in the public release of the stolen data. The leaked data is currently being sold on various hacking forums, posing a significant risk to affected customers.
The incident serves as a stark reminder of the consequences of successful cyberattacks, even when ransom demands are resisted. As Interbank confirms data breach, the incident highlights the escalating threat of ransomware attacks and data breaches targeting financial institutions.
Interbank’s Response and Customer Impact
Interbank’s response to the Interbank data breach has been swift, although details remain limited. The bank has assured customers of the security of their deposits and is working to restore full functionality to its online platforms. However, the scale of the data breach and the potential for identity theft and financial fraud remain significant concerns. Customers are advised to remain vigilant and monitor their accounts for any suspicious activity. The lack of precise figures regarding the number of affected individuals raises concerns about the transparency of the bank’s communication. The incident underscores the critical need for robust cybersecurity measures within the financial sector to prevent future breaches.
