Interbank confirms data breach after failed blackmail and data leak

Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online.

Formerly known as the International Bank of Peru (Banco Internacional del Perú), the company provides financial services to over 2 million customers.

“We discovered that some data from a group of customers was disclosed by third parties without our authorization. Given this situation, we immediately implemented additional security measures to protect our customers’ operations and information,” Interbank said today.

While customers reported that the bank's mobile app and online platforms stopped working throughout the day and during a separate outage reported two weeks ago, Interbank says most stores are now back online and that its customers' deposits are safe.

“We want to reassure our customers that Interbank guarantees the security of your deposits and all your financial products. Most of our channels are operational. Once we have completed the comprehensive review, we will resume operations in the remaining channels,” Interbank added.

Although the bank has not yet disclosed the exact number of customers whose data was stolen or exposed in the breach, a threat actor using the pseudonym “kzoldyck” is now selling data allegedly stolen from Interbank systems on several hacking forums, as first discovered by Dark Web Informer.

Stolen Interbank data is for sale (BleepingComputer)

The threat actor claims he was able to obtain the full names, account IDs, dates of birth, addresses, phone numbers, email addresses and IP addresses of Interbank customers, as well as credit card and CVV numbers, credit card expiration dates, banking transactions and other sensitive information, including plain text credentials.

“More than 3 million customer information and in addition to the data I have uploaded here, I also have clear username and password information for customers allowing access to bank accounts from Peru IP block (for some of them on biometric photo validation limited),” says the threat actor.

“Right now I'm uploading a part that contains information about over 3 million customers. Total data more than 3.7TB. I got a lot of internal API credentials, LDAP, Azure credentials, etc.”

In a thread posting samples of the stolen data, they also claimed that negotiations with Interbank management began two weeks ago. However, the extortion attempt failed after the bank decided not to pay.

An Interbank spokesperson could not immediately be reached when BleepingComputer asked for further details about the breach today.