Hackers have publicly released data stolen from Standard Bank, escalating what appears to be a serious cyber security breach and raising urgent concerns over customer privacy and the bank’s digital defences.
The big-four bank this week provided an update on the data breach that it disclosed last month. On 23 March, Standard Bank of South Africa communicated that it had identified an incident involving unauthorised access to select data. The bank provided further updates to clients on 2 and 13 April.
The data breach exposed select client records, including “account numbers, limited account information, business names, and ID or registration numbers,” the bank said.
Standard Bank was hacked together with its insurer Liberty, which said it detected unauthorised third-party access to select data systems, and immediately took steps to contain and mitigate the impact.
According to Standard Bank, the affected systems were internal administrative and document filing systems.
“Our transactional banking and core operating systems were not accessed, remain secure, and are available to all our clients and employees. We would like to, once again, reassure you that we immediately took steps to secure our environment to mitigate the impact of this incident, working with external experts,” it says.
“During this period, we continue to work tirelessly to engage with our clients who have been impacted. This will continue while we make meaningful progress in our investigations into the incident. Due to the nature of the incident, we have been preparing for the possibility of client and company-related data being made public, which now appears to have been published.”
Root of all evil
A threat actor called Rootboy announced online that: “In late February, access was gained to Standard Bank and Liberty’s systems. This access was maintained for just over three weeks as we moved through Sharepoint, OneDrive, Power apps, App Dynamics, Jira, Confluence, Citrix, Remedy, Microsoft and Oracle SQL databases, and a number of native applications.”
Rootboy claims to have exfiltrated as much as 1.2 terabytes of data from Standard Bank, allegedly comprising around 154 million SQL database rows.
According to the claims, the dataset includes customer-related records, although the authenticity and scope of this information have not yet been independently verified.
Ian Janse van Rensburg, head of security engineering for Africa at Check Point Software Technologies, says the real risk to customers is the surge in phishing attacks that typically follows incidents like these.
He notes that financial institutions remain among the most impersonated brands worldwide. “When attackers gain access to personal information, such as names and contact details, they can craft highly-personalised phishing campaigns that are far more difficult for individuals to detect.
“In regions like South Africa, where mobile banking adoption is high, these attacks frequently take the form of SMS phishing, fraudulent calls, or messaging platform scams, rather than traditional e-mail.”
Janse van Rensburg points out that the key risk now shifts to customers, who may be tricked into revealing credentials or authorising fraudulent transactions.
“This is why organisations must extend their security strategies beyond the perimeter to include advanced phishing prevention and user awareness.”
‘Intensive investigation’
Says Standard Bank: “Protecting our clients remains our highest priority and we have, therefore, implemented a range of proactive measures, including enhanced monitoring of credit bureau activity, additional transaction monitoring and fraud detection across our platforms.
“Additional proactive precautionary steps continue to be implemented to further safeguard affected clients. We also encourage our clients to remain vigilant. As a trusted financial services provider, as we proceed with the intensive investigation process, we have complied with applicable regulatory notification requirements and will continue to cooperate with the relevant authorities.”
While the bank has notified the Information Regulator about the breach, the watchdog this week told ITWeb that it still needs more information from Standard Bank and Liberty for it to be able to carry out a thorough investigation.
Share
