Peru’s Interbank, a leading financial institution, has disclosed a significant data breach after a malicious actor exploited vulnerabilities in its systems and publicly released pilfered information.
Previously branded as the International Bank of Peru (Banco Internacional del Perú), the organization now offers financial services to a client base exceeding 2 million individuals.
“Recently, we have become aware that an unauthorized third party has gained access to personal information about a group of customers.” In light of this situation, Interbank immediately deployed additional safety measures to safeguard the operations and data of our customers today.
Following widespread outages affecting its mobile app and online platforms throughout the day and a previous incident two weeks ago, Interbank confirms that nearly all its services are now restored and assures clients that their deposits remain secure.
“To assure our customers, we confidently guarantee that Interbank protects the security of their deposits and all financial assets.” While most of our channels are functioning properly. “As soon as we complete the comprehensive review, we will restart operations in the rest of our networks,” Interbank stated.
Although the financial institution has yet to disclose the exact number of clients whose data was compromised or accessed in the breach, initially reported by , a malicious actor operating under the “kzoldyck” handle is currently marketing information allegedly stolen from Interbank systems across several hacking forums.
The malicious actor allegedly gained unauthorized access to Interbank clients’ sensitive information, compromising a vast array of personal details, including full names, account IDs, delivery dates, addresses, phone numbers, email addresses, IP addresses, credit card numbers, expiration dates, and CVV codes, as well as transaction records and plaintext login credentials.
“Over 3 million clients’ sensitive information has been compromised, including detailed usernames and passwords that grant access to bank accounts from Peru, subject to additional biometric authentication for some users,”
Currently, I am importing an element that contains data on more than 3 million clients. Comprehensive knowledge database exceeding 3.7 terabytes in size. “I’ve gathered a substantial collection of inner API credentials, including sensitive information such as LDAP and Azure login details.”
The group alleged in a thread that excerpts of the pilfered information were publicly disclosed, asserting that talks with Interbank’s management began roughly 14 days prior. Despite the attempted extortion, the financial institution remained unmoved and refused to comply.
An Interbank representative remained unavailable despite repeated attempts by BleepingComputer to gather more information about the breach, with no immediate comment forthcoming.
