SANTIAGO – BancoEstado, Chile’s only state-run lender, reported two data leaks within two days. On Wednesday, personal details linked to nearly 170,000 accounts were exposed. This was the second attack after early Monday details of some 80,000 clients were stolen.
State-run bank BancoEstado confirmed that at around 12 p.m. this Wednesday it was targeted a second time this week, and around 170,000 clients were affected. The first attack this week occurred Monday, affecting 80,000 clients. In both attacks important information such as names, national identity numbers (RUTs), and card serial codes were stolen. As a security measure, the bank has blocked the relevant cards and assured that the leak doesn’t imply a risk for customers.
A cyber-terrorist group which calls itself La Balsa Pirata claimed on Twitter responsibility for the first attack. They attached a link to a website with a mass database containing personal information of Chilean citizens. The website presumably showed information like the last address registered by users, emails, and phone numbers. “All your BancoEstado cards belong to us, and more than 70,000 IDs, names and serial codes from the bank too,” the group wrote.
Con respecto a la filtración de datos de nuestros clientes informamos lo siguiente: pic.twitter.com/TlPTBZDoIH
— BancoEstado (@BancoEstado) August 29, 2018
Dicom data allegedly cracked
Another cyber-crime group called The Shadow Brokers has also raised concern in the Chilean banking environment. They have published credit card details and information of bank employees. In addition, the hackers purportedly eliminated around 500 people from the Dicom database. Dicom is a private enterprise that registers consumers’ commercial data, which in turn is used to evaluate creditworthiness. The company holds highly sensitive and personal data about credit cards, loans, and other economic transactions.
But national banking watchdog Sbif qualified the story as a farce.
“It was said information of the debtors had been erased from the Dicom server. Nevertheless, the list corresponded to the first 501 names registered in the electoral service of Chile, people living in the community of Carahue,” Sbif said according to news site biobiochile.
The website also cited security expert Paulo Colomés as saying that Dicom records are fenced in securely because Equifax, the enterprise in charge of the security system, keeps backups in several places around the world.