
Bleeping Computer reports that Interbank has confirmed a data breach after a threat actor started leaking data online.
Even though the bank has yet to disclose the exact number of customers whose data was stolen or exposed in the breach, as first spotted by Dark Web Informer, a threat actor who uses the “kzoldyck” handle is now selling data allegedly stolen from Interbank systems on several hacking forums.
The threat actor claims they were able to steal Interbank customers’ full names, account IDs, birth dates, addresses, phone numbers, email addresses, and IP addresses, as well as credit card and CVV numbers, credit card expiry dates, info on bank transactions, and other sensitive information, including plaintext credentials.
Read more at BleepingComputer.
The threat actor’s initial post claimed:
More than 3 million customers’ info and in addition to the data I have uploaded here, I also have clear usernames and password information for customers, which allows access to bank accounts from Peru IP block (Restricted to biometric photo validation for some of them). For now, I am uploading a part containing information on over 3 million customers. Total data more than 3.7 TB. I obtained lot of internal API credentials, LDAP, Azure credentials and so on. I’ll upload them separately soon.
I can also provide internal access for a while, reach me via DM if you serious buyer for access.
Company: Interbank (https://www.interbank[.]pe/)
Description: Interbank, formally the Banco Internacional del Perú Service Holding S.A.A. is a Peruvian provider of financial services.
Country: Peru
Revenue: $1.7B
Breach Date: 2024-30-10
Breach Contents: Full Names, DNI – Account IDs, Birthdates, Mother Last Names, Nationality, Addresses, Phone Numbers, Emails, IP Addresses, Genders, Balances, CC & CVV numbers, CC expiry dates, bank transactions, Tunki APP balances, Tunki APP transactions, Company account (Empresas) passwords and more.
The leak has generated a lot of interest on the popular hacking forum, although a lot of the responses are from people complaining that the sample file expired or that passwords aren’t working. The threat actor did add screencaps to their original post, some of which seem to reveal negotiations with Intercorp that did not result in any agreement.