Major Peruvian Bank Suffers Massive Data Breach: Lessons for the Financial Sector

CyberSecureFox Editorial Team

Interbank, one of Peru’s leading banks, confirmed a significant data breach affecting millions of its customers. The hacker, operating under the alias “kzoldyck,” claimed access to data belonging to over 3 million customers and threatened to publish the data publicly after Interbank reportedly declined to pay a ransom. Peruvian reporting documented the bank’s public response and service disruptions.

The Scope and Impact of the Interbank Data Breach

Cybersecurity researchers confirmed the extensive nature of the breach. The compromised information includes:

  • Full names and account identifiers
  • Birth dates and addresses
  • Phone numbers and email addresses
  • Bank card details, including numbers, expiration dates, and CVV codes
  • Transaction histories
  • Online banking credentials, including alleged plaintext passwords

Of particular concern is the alleged access to plaintext passwords, which would allow unauthorized access to customers’ online banking accounts without any additional cracking effort. This level of data exposure presents significant risks for identity theft, financial fraud, and account takeover attacks.

Approximately 3 Million Interbank Peru Customers and Account Holders

The breach directly affects approximately 3 million Interbank customers in Peru. Beyond those individuals, the incident poses broader risks for:

  • Customers who reuse Interbank passwords on other platforms, since stolen credentials are routinely tested against other services
  • Businesses banking with Interbank whose account and transaction data was exposed
  • Third parties whose contact details appeared in Interbank customer records
  • Other financial institutions in Latin America that may face similar attack vectors

Interbank’s Response and Security Measures

In response to the breach, Interbank took immediate steps to mitigate damage:

  • Implementing additional security protocols and temporarily restricting certain online banking features
  • Conducting an internal investigation to determine the breach’s cause and extent
  • Notifying customers about potential risks via official channels
  • Enhancing monitoring for suspicious account activity

Users reported intermittent issues with the mobile apps and online platforms during this period, consistent with the emergency deployment of security measures.

Evolving Cybercriminal Tactics and Lessons for the Financial Industry

This incident illustrates a notable shift in cybercriminal strategy. Instead of encrypting data and demanding ransom, the attacker opted for direct blackmail — threatening to publish confidential customer data. This extortion model bypasses the need for ransomware infrastructure while creating intense reputational pressure on the victim organization. A comprehensive defense requires:

  • Regular security audits and penetration testing of banking applications and APIs
  • Implementation of multi-factor authentication for all customer-facing login flows
  • Robust encryption for data at rest and in transit, with password hashing using bcrypt or Argon2
  • Employee training on social engineering and insider threat prevention
  • Development and regular testing of incident response plans

What Affected Customers Should Do Now

  • Change Interbank online banking passwords immediately and enable MFA if available
  • Update the same password on any other service where it was reused
  • Monitor bank statements and card transactions for unauthorized activity and report anomalies immediately
  • Place a fraud alert with Peruvian credit bureaus to prevent unauthorized account openings
  • Be alert to phishing emails or calls using breached personal data to impersonate Interbank staff

Affected customers should monitor public notices and consumer-protection updates in Peru and avoid responding to unsolicited contact claiming to be from Interbank security teams, which may be phishing attempts exploiting the breach.

