Saturday , April 19 2025
interbank

Hacker claim data breach: bank confirms blaming third party

Interbank, a major financial institution in Peru, has confirmed a data breach after a hacker leaked stolen data online. Formerly the International Bank of Peru, the company offers financial services to over 2 million customers.

“To our clients: We regret this situation and understand the inconvenience this may cause you. We have identified that some data of a group of clients has been exposed by a third party without our authorization. In this situation, we immediately deploy additional security measures to protect our clients’ operations and information. We want to give you peace of mind that Interbank guarantees the security of your deposits and all its financial products. Most of our channels are operating. As soon as we finish the review exhaustively, we will restore operation on the rest of our channels. Interbank,” Interbank said.

CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers

Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10,...
Read More
CVE-2025-2492  ASUS warns of critical auth bypass flaw in routers

16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called "symlink". This number...
Read More
16,000+  Fortinet devices compromised with symlink backdoor, Mostly in Asia

Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run...
Read More
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

CISA warns of increasing risk tied to Oracle legacy Cloud leak

On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the...
Read More
CISA warns of increasing risk tied to Oracle legacy Cloud leak

CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App

Cisco issued a security advisory about a serious vulnerability in its Webex App that allows unauthenticated remote code execution (RCE)...
Read More
CVE-2025-20236  Cisco Patches Unauthenticated RCE Flaw in Webex App

Apple released emergency security updates for 2 zero-day vulns

On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly...
Read More
Apple released emergency security updates for 2 zero-day vulns

Oracle Released Patched for 378 flaws for April 2025

On April 15, 2025, Oracle released a Critical Patch Update for 378 flaws for its products. The patch update covers...
Read More
Oracle Released Patched for 378 flaws for April 2025

CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild

Check Point Research warns of the active exploitation of a new vulnerability, CVE-2025-24054, which lets hackers leak NTLMv2-SSP hashes using...
Read More
CVE-2025-24054  Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild

Bengaluru firm got ransomware attack, Hacker demanded $70,000

Bengaluru's Whiteboard Technologies Pvt Ltd was hit by a ransomware attack, with hackers demanding a ransom of up to $70,000...
Read More
Bengaluru firm got ransomware attack, Hacker demanded $70,000

MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

MITRE Vice President Yosry Barsoum warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness...
Read More
MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

Customers have reported issues with the bank’s mobile app and online platforms, including a separate outage two weeks ago. Interbank states that most operations are now restored and clients’ deposits are safe.

“We want to assure our clients that Interbank guarantees the security of your deposits and all your financial products. Most of our channels are operating. As soon as we complete the exhaustive review, we will reestablish operations in the rest of our channels,” Interbank added.

The bank hasn’t revealed how many customers had their data stolen in the breach. However, a threat actor known as “kzoldyck” is reportedly selling data claimed to be from Interbank on various hacking forums.

               Source: Bleepingcomputer

The threat actor claims to have stolen sensitive information from Interbank customers, including full names, account IDs, birth dates, addresses, phone numbers, email addresses, IP addresses, credit card numbers, CVV codes, expiry dates, bank transaction details, and plaintext credentials.

The threat actor claimed, “More than 3 million customers’ info and in addition to the data I have uploaded here, I also have clear usernames and password information for customers, which allows access to bank accounts from Peru IP block (Restricted to biometric photo validation for some of them),” .

“For now, I am uploading a part containing information on over 3 million customers. Total data more than 3.7 TB. I obtained lot of internal API credentials, LDAP, Azure credentials and so on.”

They claimed in a thread, where some stolen data was shared, that negotiations with Interbank’s management started two weeks ago. However, the extortion attempt failed because the bank chose not to pay.

Bleeping computer reported Interbank spokesperson was not immediately available to reached out for more details regarding the breach.

Check Also

PwC

PwC exits more than a dozen countries in push to avoid scandals: FT reports

PwC has ceased operations in more than a dozen countries that its global bosses have …

Leave a Reply

Your email address will not be published. Required fields are marked *