Banco Neon, a Brazilian digital bank, reportedly experienced a significant data leak involving approximately 30 million customers. The cybercriminal group responsible for the leak, identified as “banconeon,” claimed to have stolen sensitive data from the bank’s systems. The leaked information included personal details such as names, genders, emails, phone numbers, CPF (Brazilian tax identification numbers), income, balance, and even photos of customers, along with transaction histories. Images and videos showcasing the stolen data were posted on a cybercriminal forum, though the hacker did not place a price on the leaked information.
Following the leak, Banco Neon confirmed the unauthorized copying of customer data but reassured its clients that no bank accounts had been accessed or compromised. The bank quickly implemented security measures to cease any further improper access and began an investigation to determine the full scope of the breach. Although the bank did not verify the exact number of affected customers, an anonymous source corroborated that the leaked data stemmed from the bank’s internal “Backoffice system.” Despite this breach, the bank’s operations continued without any notable disruptions.
The breach raised concerns about how it occurred, with no clear indication of a ransomware attack.
Some experts believe that the leak could have been caused by unauthorized access aimed at damaging Banco Neon’s reputation. The cybercriminal group behind the leak made no attempt to sell the data, which adds to the mystery surrounding the motivations behind the incident. The leak occurred shortly after Banco Neon reached a significant financial milestone, achieving “breakeven” status and expanding its customer base to 32 million, further amplifying the potential impact of the breach.
Customers affected by the leak are urged to take preventive measures to protect their personal information. This includes being cautious of phishing attempts, using updated antivirus software, enabling two-factor authentication for online accounts, and staying informed about suspicious activities. The breach serves as a reminder of the importance of safeguarding sensitive data, especially for digital banks handling large amounts of personal and financial information.
Reference:
