Interbank Peru data breach
After a two-week extortion negotiation collapsed, a threat actor known as kzoldyck leaked 3.7 TB of data on roughly 3 million Interbank customers, including names, DNI numbers, card data, and plaintext credentials.
- Victim: Interbank (Banco Internacional del Perú)
- Records: 3.3M
- Users: 3.0M
On 30 October 2024, Interbank — one of Peru's largest banks, formally Banco Internacional del Perú — confirmed a major data breach after a threat actor published stolen customer data on a dark-web forum, ending a failed two-week extortion attempt.
What happened
A threat actor operating under the alias kzoldyck had contacted Interbank around mid-October 2024, claiming to possess a large trove of customer and internal data and demanding payment — reportedly around US$4 million — to keep it private. After roughly two weeks of negotiation, Interbank refused to pay, and the attacker dumped the data on BreachForums.
The bank acknowledged the incident publicly, stating that "some data of a group of clients has been exposed by a third party without our authorization," while insisting that customer deposits and financial products remained secure.
Impact
According to the attacker and breach-tracking services, the leaked dataset totaled roughly 3.7 terabytes and covered more than 3 million customers, with about 3.3 million records later indexed publicly. The compromised fields reportedly included:
- Full names, dates of birth, home addresses, phone numbers, and email addresses.
- Peruvian national identification numbers (DNI).
- Credit card numbers, CVV codes, and expiration dates.
- Banking transaction histories.
- More alarmingly, plaintext usernames and passwords and internal system credentials, including API, LDAP, and Azure access.
During the disruption, customers reported difficulty logging in and changing passwords, and Interbank took some online services offline while it investigated.
Response
Peru's banking regulator, the Superintendencia de Banca, Seguros y AFP (SBS), announced it was monitoring the incident for potential regulatory breaches. Lima's Cybercrime Prosecutor's Office opened an investigation, bringing charges against the alleged hacker and demanding that Interbank produce a cybersecurity report and evidence that the underlying vulnerabilities had been remediated.
Why it matters
The Interbank breach is widely regarded as the highest-profile financial-sector data breach in Peru's recent history. The reported presence of plaintext passwords and internal credentials pointed to serious gaps in data-handling practice at a major bank. It also became a reference case for the "refuse to pay" outcome: declining the ransom did not prevent publication, exposing the limits of negotiation once data has already been exfiltrated — and underscoring why prevention and encryption-at-rest matter more than post-breach bargaining.
Timeline
- A threat actor using the alias 'kzoldyck' begins a roughly two-week extortion negotiation with Interbank, claiming to hold stolen customer data.
- After Interbank refuses to pay, the attacker publishes the stolen data on a dark-web forum; the bank acknowledges that some client data was exposed.
- Media report the dataset totals about 3.7 TB covering more than 3 million customers; Interbank takes some services offline.
- Peru's banking regulator (SBS) says it is monitoring the incident; Lima's cybercrime prosecutor opens an investigation.
- Roughly 3.3 million records are indexed in public breach-tracking services as the bank restores normal operations.
Sources
- bleepingcomputer.com: https://www.bleepingcomputer.com/news/security/interbank-confirms-data-breach-following-failed-extortion-data-leak/
- therecord.media: https://therecord.media/interbank-peru-data-breach
- securityaffairs.com: https://securityaffairs.com/170431/data-breach/interbank-refused-to-pay-the-ransom.html
- obscureiq.com: https://www.obscureiq.com/circulating-data-breach/interbank-2024-xml/