Interbank, one of Peru’s largest banks, has confirmed a major data breach after a cyber attacker leaked stolen customer data online.

The bank, formerly known as Banco Internacional del Perú, serves over two million clients, many of whom may have had their data compromised. In a recent statement, Interbank acknowledged that client data was accessed by an unauthorized third party and assured customers of heightened security efforts to protect their information.

The breach has caused disruptions, with customers reporting outages in the bank’s mobile and online services. Although some systems remain down, Interbank has reassured clients that deposits and financial products are secure, with most operations back online. A thorough review is underway, after which all services are expected to be fully restored.

Buy Me a Coffee

The attack was brought to light by “Dark Web Informer,” which found stolen Interbank data listed for sale on hacking forums by a threat actor going by the handle “kzoldyck.” This individual claims to have stolen over 3 million records containing names, account IDs, birth dates, credit card details, and even plaintext passwords. Additionally, they allege access to sensitive internal systems, including API credentials and Azure access.

Stolen Interbank data up for sale (BleepingComputer)

Despite a reported negotiation attempt, Interbank declined to pay the attacker. The bank has yet to disclose the full scope of affected customers but is committed to securing its systems in the wake of this breach.