Interbank confirms data breach following failed extortion, data leak

​Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online.

Previously known as the International Bank of Peru (Banco Internacional del Perú), the company provides financial services to over 2 million customers.

"We have identified that some data of a group of clients has been exposed by a third party without our authorization. In light of this situation, we immediately deployed additional security measures to protect the operations and information of our clients," Interbank said today.

While customers have been reporting that the bank's mobile app and online platforms stopped working throughout the day and during a separate outage reported two weeks ago, Interbank says that most of its operations are now back online and that its clients' deposits are secure.

"We want to assure our clients that Interbank guarantees the security of your deposits and all your financial products. Most of our channels are operating. As soon as we complete the exhaustive review, we will reestablish operations in the rest of our channels," Interbank added.

Even though the bank has yet to disclose the exact number of customers whose data was stolen or exposed in the breach, as first spotted by Dark Web Informer, a threat actor who uses the "kzoldyck" handle is now selling data allegedly stolen from Interbank systems on several hacking forums.

Stolen Interbank data up for sale (BleepingComputer)

​The threat actor claims they were able to steal Interbank customers' full names, account IDs, birth dates, addresses, phone numbers, email addresses, and IP addresses, as well as credit card and CVV numbers, credit card expiry dates, info on bank transactions, and other sensitive information, including plaintext credentials.

"More than 3 million customers' info and in addition to the data I have uploaded here, I also have clear usernames and password information for customers, which allows access to bank accounts from Peru IP block (Restricted to biometric photo validation for some of them)," the threat actor says.

"For now, I am uploading a part containing information on over 3 million customers. Total data more than 3.7 TB. I obtained lot of internal API credentials, LDAP, Azure credentials and so on."

They also claimed in a thread where samples of the stolen data were published that negotiations with Interbank's management began two weeks ago. Still, the attempted extortion failed after the bank decided not to pay.

An Interbank spokesperson was not immediately available when BleepingComputer reached out earlier today for more details regarding the breach.