
Threat actors are claiming to have accessed sensitive data linked to major Colombian financial institutions – Grupo Bancolombia and Banco de Bogotá – posting samples on an underground forum.
An alleged cyber threat has hit the Colombian financial sector, as hackers have been bragging about breaching two of the nation's largest institutions: Grupo Bancolombia and Banco de Bogotá.
Grupo Bancolombia serves approximately 30 million customers across Latin America, including operations in Colombia, El Salvador, Panama, Puerto Rico, and Guatemala. Banco de Bogota has nearly 10 million customers and a workforce of over 15,000 employees.
The claims surfaced on DarkForums. The same threat actor has recently posted data samples on the notorious forum, claiming they are from the banks’ customers. However, the full extent of the alleged breaches remains unverified.
Cybernews has reached out to the banks for comment, but has not yet received a response.
Grupo Bancolombia customer data allegedly leaked
In the case of Grupo Bancolombia, the threat actor shared several files, including screenshots that appear to show an internal content management system associated with its digital services. The images include limited customer information, such as names and login or logout timestamps.
Additional files included three PDF documents containing small datasets of customer and advisor records. These records had full names, location data, and insurance plan details.
Cybernews researchers who investigated the provided data samples found no direct contact information.
“Since there is no contact information available directly, exposed data may be cross-referenced with other leaked data to craft more targeted attacks for these affected individuals,” our researchers explained.
Hackers claim attack on Banco de Bogota
The same threat actor also claimed to possess data linked to Banco de Bogota. The sample files shared in that post contained about 30 records, including full names, phone numbers, and physical addresses.
While the dataset is limited, it includes more direct contact information, which could increase the risk to affected individuals.
“The bank clients exposed in this breach might be at risk of social engineering and phishing attacks. The breach is not verified yet, but customers should be alert to any suspicious correspondence related to their bank account,” said Cybernews researchers.
Cross-referencing breached data increases the risks
The biggest risk from such data exposures is that threat actors can cross-reference it. In isolation, a list of insurance plans or login times may seem manageable.
However, when combined with phone numbers from the Banco de Bogota leak or previous telecommunications breaches, the threat becomes potent.
Threat actors can craft emails that mention specific insurance plans or "recent activity" based on CMS login times, tricking users. They can also use the names of "advisors" found in the Sufi PDFs to impersonate legitimate bank staff.
How to stay safe?
Given the scale of these institutions, millions are potentially at risk if the hackers' broader claims are true. Customers of both banks are advised to:
- Be skeptical of bank officials calling you: Never provide passwords or one-time codes (OTPs) over the phone, even if the caller knows your full name and address.
- Monitor account activity: Use the official banking apps to check for unauthorized logins or transactions daily.
- Report suspicious messages: Forward any unusual SMS or emails to the banks' official fraud departments immediately.