Interbank, a Peru-based financial institution, has admitted that it suffered a recent data breach after an unauthorised individual infiltrated its networks and exposed allegedly stolen information.
After discovering the attack, the company insisted that it immediately implemented additional security measures to protect its clients’ data.
The first sign of the incident came when customers complained that the bank’s mobile app and online platforms had stopped working for 24 hours; a separate outage was reported a couple of weeks ago.
Interbank states that its activities are operational, and its clients’ deposits are secure.
Interbank guarantees in its recent announcement that its customers’ deposits and all financial assets are secure. However, the company also said it would continue its investigations in order to resume operations on the rest of its channels.
Meanwhile, a threat actor named kzoldyck is now selling the purportedly stolen data from the affected financial institution, although the bank has yet to disclose the actual number of clients whose data was taken or exposed in the breach.
The threat actor claims to have stolen Interbank customers’ full names, account IDs, birth dates, addresses, numbers, email addresses, and IP addresses, as well as credit card and CVV numbers, credit card expiry dates, bank transaction information, and other sensitive information, such as plaintext credentials.
It also claims to have exfiltrated information on more than 3 million customers, including usernames and passwords. The exposed data could allow unauthorised individuals to access bank accounts from the Peru IP block.
Furthermore, the attacker claimed it would upload a section with information about almost 3 million clients, with a total data volume exceeding 3.7 TB. It said that it obtained numerous internal API credentials, LDAP credentials, Azure credentials, etc.
The leak also revealed a thread where the threat actor posted samples of the stolen materials, including a conversation with Interbank’s management that started two weeks after the purported data theft. However, the attempted extortion failed when the bank refused to pay.
The affected banking entity has yet to reveal further details about the attack or address the leaker’s claims.