InfoSecBulletin Cybersecurity for mankind
A hacker claimed that 1.2TB of private data stolen from Standard Bank, including client credit card details, will be shared online in stages.
The bank, the largest in South Africa by assets, was breached in late February, with the hacker known as “ROOTBOY” claiming that they spent “just over three weeks” in the bank’s system undetected.
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
On 23 March 2026, Standard Bank and its subsidiary Liberty, which is an insurance and investment company, said they had data breaches caused by unknown people.
Standard Bank stated that a limited set of client credit card details, including card numbers and expiry dates, appeared to have been leaked online.
“We are communicating directly with those clients and proactively replacing their cards as a precaution. CVV numbers are not impacted,” it assured.
The bank said before that names, ID numbers, company registration numbers, phone numbers, email addresses, and account numbers of clients were part of the breach.
On 23 March 2026, Standard Bank said that its systems were subject to “unauthorised access” and that external experts were now investigating both incidents.
The hacker claimed on the dark web forum Dark Forums that they took weeks to go through the bank’s systems and steal data.
This covers data from Microsoft SharePoint, OneDrive, and Power Apps, plus Appdynamics, Jira, Confluence, Citrix, Remedy, and Standard Bank’s Microsoft and Oracle SQL databases.
In an update published this week, the bank revealed that its internal administrative and document filing systems were affected by the breach.
According to the attacker, they stole data comprising 154 million rows of SQL, which they said would be released in batches.
“Beginning on February 27th 2026, the 3-week-long attack on both Standard Bank and Liberty has resulted in 1.2TB of data being exfiltrated from internal servers,” threat actor ROOTBOY claimed.
“A peaceful resolution was sought out with Standard Bank, however after 2 weeks of back and forth they made the decision to abandon their customers,” they said.
They are blackmailing the bank for R1.2 million in bitcoin to stop sharing private client information, including passport numbers, driver’s licence numbers, and home addresses.
They are also threatening to share detailed employee information and a lot of customer and company data.
“Our transactional banking and core operating systems were not accessed, remain secure, and are available to all our clients and employees,” Standard Bank had said in March.
“During this period, we continue to work tirelessly to engage with our clients who have been impacted. This will continue while we make meaningful progress in our investigations into the incident.”
The bank said it has reported the incident to the relevant regulatory and law enforcement authorities. “We continue to cooperate with their processes,” it said.
Liberty initially sent SMS notifications to affected customers, informing them that their personal information stored on the provider’s systems had been compromised.
“Your policies and investments remain secure, and our services are running normally,” the notification to customers stated.
Liberty’s CEO, Yuresh Maharaj, said that its core systems remained unaffected, fully operational, and available to all clients, advisors, and employees.
“Our team, supported by experts, has launched a full investigation into this incident. We operate within a robust regulatory framework and fully comply with all applicable obligations,” he said.
Standard Bank asked clients to change their banking app passwords, use fingerprints or face ID if they can, and not to click on strange links or unknown website addresses after the leak.
