HSBC and Barclays Banks Reportedly Breached: Data for Sale on Hacking Forum

In a worrying development for the banking industry, media reports have surfaced about a major breach linked to HSBC and Barclays.

HSBC and Barclays Loses Customers’ Data

In the early hours of Tuesday, threat group tracker HackManac posted that some threat actors uploaded some data on a forum to sell.

#DataBreach Alert ⚠️ (Updated)

HSBC and Barclays banks allegedly breached

Allegedly, data belonging to HSBC and Barclays banks are for sale on a hacking forum.

The threat actor IntelBroker, in collaboration with another well-known cybercriminal, Sanggiero, claims that in… pic.twitter.com/fAKdNhqURp

— HackManac (@H4ckManac) April 2, 2024

The post also stated that the actors behind the attack were namely IntelBrokers and Sanggieros. They stole data which consisted of private security certificates, PIX keys, JKS files, signing keys, compiled .Jar files and source codes. They got access to this information after gaining access to the Github that stores them

It is worth noting that the reports were from open sources and the financial institution has not denied or confirmed the attacks. Nonetheless, the post mentioned that the attack was a third-party hack.

See also: U.K Allegedly Identify China As The Culprit Behind ‘Voters Data’ Cyberattack

This tweet highlights the need to perform a thorough and prompt investigation as well as the implementation of monitoring procedures to detect any weak points and reduce the associated risks to data leaks.

Similar Attacks on Third-party Vendors

This is not the first Barclay and HSBC vendors are falling victim to third-party attacks. Two months ago Travelex was under pressure as it suffered a cyberattack.

The hacks crippled several large banks such as the Royal Bank of Scotland, HSBC and Barclays, as well as others, with the cybercriminals extorting quite a lot of money from all of them.

According to the Finablr’s, Travelex’s owner may not incur massive losses due to the exploits. Nonetheless, the firm took down all of its websites. It also identified the infamous ransomware gang called Sodinokibi, AKA REvil.

As per the report, the cybercriminals are demanding cash of up to $6 million. They threatened to release 5GB of customers’ personal data – including social security numbers, dates of birth, and payment card information – into the public domain unless Travelex pays up.