Banco de Costa Rica: Lost 11 million credit card data

May 5, 2020
banco de costa rica data leak compromised data dark web

It has been revealed by the Threat Actors behind the Maze Ransomware that they have stolen a whopping 11 million credit card data of Banco de Costa Rica. They have also claimed that this is not the first time they have intruded on the bank’s network as they have first accessed it back in August 2019 and then later February 2020. However, according to these Threat Actors, they didn’t encrypt any data as it will result in a worst-case scenario for the victim because of the global crisis brought by the COVID-19 pandemic

Banco de Costa Rica was established on April 20, 1877. As the bank is 142 years strong, it is reported to have an equity of $806,606,710 and assets of $7,607,483,881. Thus, it is not surprising that the bank was regarded to be the most powerful state-owned commercial bank not only in Costa Rica but in entire Central America.

The Group divulges that they have got over 11 million credit card credentials and that over 4 million of those are unique while 140,000 data belong to US citizens.

It has been revealed that Maze Ransomware Group, the bank’s network has been unsecure since February 2020. As per them, they want to alert the people and financial institutions about the poor security they have on their Systems. More so, the ransomware operators warn that they will publish all 11 million credit card numbers on their website if no feedback about heightening security measures is received from the said banking institution.

In order to prove the hack, these ransomware operators have posted 240 credit card numbers and with their corresponding expiration dates and credit card verification codes (CVC) but have removed the last four digits of the credit card numbers.

Below is the press release of the Maze Ransomware group released on April 30, 2020:


text message fraud image 1


As mentioned by the Maze Ransomware Group, the stolen data can be quickly sold to the Dark Web for a considerable lump sum of money. This kind of security breach must not be taken lightly as for a large banking institution like Banco de Costa Rica; the risk is enormous. The Group has tried to reach out to Banco de Costa Rica multiple times with a ransom demand and warns to sell the data to Dark Web, but they have yet to get a response from them.

To make sure, if you are a credit card holder from the said bank, it is suggested that you contact the bank to confirm that your account is not at risk and make sure to monitor your credit card for fraudulent activities.

Maze Ransomware operators are the people behind several attacks against different Organizations such as an American multinational corporation, Cognizant, and a global provider of insurance products, Chubb.

Few steps to take to prevent Data Breaches:

  • Patch and Update all software as soon as available.
  • Safeguarding your Data Systems.
  • Encrypt sensitive data.
  • Enforcing strong credentials and the use of multifactor authentication.
  • Educating all employees on best security practices.

iZOOlogic protects hundreds of the world’s leading brands across banking, finance, and government from cybercrime. We provide reliable cyber defense solutions to protect digital client assets. We are at the cutting edge of monitoring alerts on these types of data breaches.

Our commitment to our clients is to ensure that we take heed for Dark web activities that would target them as well as their customers through malicious actions.

Massive data breach must be approached with diligence as this can be a starting point for being a victim of social engineering scheme leading to phishing attacks and other abuse in the future.






About the author

Leave a Reply