A hacker claimed that 1.2TB of private data stolen from Standard Bank, including client credit card details, will be shared online in stages.
The bank, the largest in South Africa by assets, was breached in late February, with the hacker known as “ROOTBOY” claiming that they spent “just over three weeks” in the bank’s system undetected.
On 23 March 2026, Standard Bank and its subsidiary Liberty, an insurance and investment company, said they had suffered data breaches caused by unknown parties.
Standard Bank stated that a limited set of client credit card details, including card numbers and expiry dates, appeared to have been leaked online.
“We are communicating directly with those clients and proactively replacing their cards as a precaution. CVV numbers are not impacted,” it assured.
The bank had previously said that clients' names, ID numbers, company registration numbers, phone numbers, email addresses, and account numbers were part of the breach.
On 23 March 2026, Standard Bank said that its systems were subject to “unauthorised access” and that external experts were now investigating both incidents.
The hacker claimed on the dark web forum Dark Forums that they took weeks to go through the bank’s systems and steal data.
This covers data from Microsoft SharePoint, OneDrive, and Power Apps, plus AppDynamics, Jira, Confluence, Citrix, Remedy, and Standard Bank’s Microsoft and Oracle SQL databases.
In an update published this week, the bank revealed that its internal administrative and document filing systems were affected by the breach.

According to the attacker, they stole data comprising 154 million rows of SQL, which they said would be released in batches.
“Beginning on February 27th 2026, the 3-week-long attack on both Standard Bank and Liberty has resulted in 1.2TB of data being exfiltrated from internal servers,” threat actor ROOTBOY claimed.
“A peaceful resolution was sought out with Standard Bank, however after 2 weeks of back and forth they made the decision to abandon their customers,” they said.
They are blackmailing the bank for R1.2 million in bitcoin to stop sharing private client information, including passport numbers, driver’s licence numbers, and home addresses.

They are also threatening to share detailed employee information and a lot of customer and company data.
“Our transactional banking and core operating systems were not accessed, remain secure, and are available to all our clients and employees,” Standard Bank had said in March.
“During this period, we continue to work tirelessly to engage with our clients who have been impacted. This will continue while we make meaningful progress in our investigations into the incident.”
The bank said it has reported the incident to the relevant regulatory and law enforcement authorities. “We continue to cooperate with their processes,” it said.
Liberty initially sent SMS notifications to affected customers, informing them that their personal information stored on the provider’s systems had been compromised.
“Your policies and investments remain secure, and our services are running normally,” the notification to customers stated.
Liberty’s CEO, Yuresh Maharaj, said that its core systems remained unaffected, fully operational, and available to all clients, advisors, and employees.
“Our team, supported by experts, has launched a full investigation into this incident. We operate within a robust regulatory framework and fully comply with all applicable obligations,” he said.
Following the leak, Standard Bank asked clients to change their banking app passwords, use fingerprints or face ID if they can, and avoid clicking on strange links or unknown website addresses.
