Skip to content

Interbank data breach exposes 3.7 TB data of 3 million customers

  • by
  • 3 min read

Interbank, one of Peru’s largest financial institutions, has confirmed a data breach after a hacker, identified by the alias ‘kzoldyck,’ released a trove of stolen data online. The hacker claims to have over 3.7 TB of data containing the usernames, passwords, account IDs, birth dates, addresses, phone numbers, emails, IP addresses, credit card numbers, expiry dates, and CVV numbers of more than three million Interbank customers.

According to Interbank, a threat actor gained unauthorised access to its systems and exfiltrated data belonging to a segment of its customers.

In an official statement on X, Interbank emphasised customer security, stating, “We have identified that some data of a group of clients has been exposed by a third party without our authorisation. In light of this situation, we immediately deployed additional security measures to protect the operations and information of our clients.”

However, the bank refused to divulge any information about the full scope of the breach or the number of affected customers.

Amidst customer reports of interrupted access to Interbank’s online and mobile banking platforms, the company confirmed service disruptions coinciding with the data leak. While most services are back online, the bank reassured clients that their deposits remain secure and that efforts are underway to restore complete functionality.

“We want to assure our clients that Interbank guarantees the security of your deposits and all your financial products. Most of our channels are operating. As soon as we complete the exhaustive review, we will reestablish operations in the rest of our channels,” Interbank stated.

Although the bank is quiet about the extent of the breach, the hacker has revealed just that, stating, “More than 3 million customers’ info. In addition to the data I have uploaded here, I also have clear usernames and password information for customers, which allows access to bank accounts from Peru IP block (Restricted to biometric photo validating for some of them). I am uploading a part containing information on over 3 million customers. Total data more than 3.7 TB.”

The cybercriminals also hinted at possessing internal credentials, including API keys and access to Azure and LDAP systems.

According to BleepingComputer, Interbank’s management engaged in negotiations but ultimately refused to meet extortion demands, prompting the attacker to publish portions of the data.

In August 2024, a ransomware attack on C-Edge technologies affected more than 300 medium and small banks in India. Similarly, in July, Evolve Bank and Trust confirmed that the LockBit malware attack affected more than 7.6 million people. The attack was previously thought to have targeted the Federal Reserve Bank.

In the News: New MacBook Pro, iMac and Mac Mini announced with the new M4 chip

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>