Large Peruvian bank warns of data theft after dark web post emerges

One of Peru’s largest banks apologized on Wednesday for a data breach that may expose information from up to 3 million customers. 

Interbank released multiple statements on Wednesday after dark web researchers discovered someone selling access to the sensitive financial and personal information stolen from the bank. 

After the post emerged, Interbank took some services offline, writing that it was working to fix things “as soon as possible.” Four hours later, a longer statement was released warning that some of the allegedly stolen data was legitimate. 

“We have identified that some data from a group of clients has been exposed by a third party without our authorization,” the bank said in social media posts. “In this situation we immediately deployed additional security measures to safeguard the operations and information of our customers.” 

Interbank said it wanted to provide guarantees that all deposits and financial products are currently safe. The company did not respond to requests for clarification about what services were taken offline. Some users reported issues with changing their password and other glitches in operating their online accounts. The statement said that after an investigation is finished, the downed operations will be restored.

Founded in 1897, Interbank is the fourth-largest financial institution in Peru, managing thousands of banks and ATMs countrywide. The company reported more than $1.5 billion in revenue last year. 

Several cybersecurity firms and researchers shared images of the dark web post and validated some of the stolen information — which includes names, phone numbers, National ID numbers, device information, IP address, location information and data on financial transactions. 

The hacker is selling 3.7 TB of data that also includes credit card date numbers, CVVs, and login information for user accounts at the bank. The dark web post includes claims that credentials for internal bank systems were also taken. 

In a lengthy message attached to the leaked data, the hacker claimed to have been in negotiations with Interbank for two weeks before the bank allegedly broke off the deal and “resorted to insults and swears.”

The incident has drawn headlines across Peru as government agencies and regulators stepped in to address customer concerns. Interbank sent emails to customers notifying them of the data theft.

The Cybercrime Prosecutor's Office of Lima said it has issued several charges against the alleged hacker for the incident.

“In addition, [the prosecutor’s office] ordered the collection of statements of Interbank representatives and witnesses, the carrying out of virtual patrols, searches and identification on the web and other sites where data is offered, and more,” the prosecutors said according to a machine translation. 

The prosecutors also demanded Interbank submit a cybersecurity report about the incident as well as evidence that the vulnerabilities allowing the threat actor entry have been resolved. A banking regulator added that it too is monitoring the incident for potential legal violations. 

Financial institutions and governments across Latin America have faced an onslaught of digital attacks over the last two years from nation-state actors, ransomware groups and extortion gangs. Several countries have stepped up law enforcement operations against hackers in response to the attacks.