More than 13 million records belonging to Banorte customers for sale on dark web; contact your bank to prevent theft and fraud

Specialists from a cybersecurity firm claim to have found a hacker selling a database with more than 13 million confidential records belonging to clients of the Mexican bank Banorte; this information can be found on a malicious hacking platform on dark web, dedicated to the sale of stolen information, malware and other illegal services.

Security breach incidents certainly show how vulnerable the systems of many organizations are, whose security measures are not strong enough to keep hackers away.

On May 31, Bank Security researchers revealed that a malicious hacker created a post on a well-known dark web forum to announce the sale of this information, which would allow all kinds of highly targeted attacks to be deployed against affected users.

Records sold by the threat actor include personal details such as:

  • Full names
  • Email address
  • Dates of birth
  • Address
  • Telephone number
  • Income level
  • Taxpayer identification

At the moment more details about this incident are unknown, such as the method by which malicious hackers accessed this information or the amount for which interested parties can purchase this information. It appears that Banorte has already received a notification in this regard, although the banking institution has not commented on the matter. Investigators will continue to try to verify the legitimacy of this leak, although so far it has not been possible to verify that hackers actually have the aforementioned data under their control.

The researchers deduce that the hackers were able to steal this data by compromising some server of the bank or belonging to some external provider. Last year, Scotiabank faced similar problems after a group of hackers managed to gain access to a GitHub repository that stored samples of the source code of the bank’s mobile app, which put millions of customers in serious trouble.

Moreover, the cybersecurity specialists who detected this material point out the ease with which hackers can access this data: “A huge amount of financial customer data is available to cybercriminal foreign hacking groups; in the wrong hands, this information can be used to steal millions of bank accounts and scam millions of users through social media, phishing and fraudulent campaigns through text messages and phone calls.”

Wide data availability is not a new issue, but the idea of such a large database being on sale when everyone is dependent on mobile and online payment shows how easily malicious agents can cause serious problems for millions of unsuspecting users.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.