The Banco BCR, the state-owned Bank of Costa Rica, was reportedly hacked and 11 million credit card credentials were allegedly stolen.
Hackers claimed to have gained access to the bank’s network in August of 2019, stating that they did not encrypt devices as the possible damage was too high.
This attack was allegedly conducted by the operators of the Maze Ransomware, who have been behind numerous cyberattacks against high-profile victims such as IT services giant Cognizant, cyber insurer Chubb, and drug testing facility Hammersmith Medicines Research LTD.
As proof of this theft, Maze posted what they say are 240 credit card numbers, with the last four digits removed, along with expiration dates and credit card verification codes (CVC).
The ransomware operators told BleepingComputer that they have tried to contact the bank multiple times with a ransom demand and may sell the data on the dark web.
Maze states that this ransom is their “reward for pointing out problems in the security system through which half a bank could be pulled out”.
