Banco Pan suffers a leak and 64,000 customers have their data exposed

Banco Pan was the victim of a leak that exposed the data of 64,000 customers, as revealed by Felipe Payão, cybersecurity editor at the TecMundo portal. The information was disclosed at 1 pm this Friday (15). According to Payão, the total number of leaked accounts could have reached 22 million, but Pan confirmed that there were 64 thousand. The institution also confirmed that there was an unauthorized access in the early hours of Thursday (14). The access likely resulted in the data being leaked. The leak did not expose data that compromised the bank’s security, but sensitive customer data was exposed. Then, a file containing all the data began to circulate on the internet. Among the information contained in the list are: name; CPF number; birth date; address; customer account number; balance; invoice amount (for those who use a credit card). The information was extracted from March 1 to March 20, 2022.

Leaking and extortion

According to Banco Pan, the leak did not affect the bank’s systems, but a third party. In this case, a technology provider whose name was not disclosed. The failure occurred in the technology used in one of Pan’s systems.

“We recently detected a weakness in the platform of a technology provider, used in the Customer Service Center in the card segment. We activate our security protocols, notify the software company for immediate correction of the vulnerability and hire independent expert advice for a complete analysis”, said the bank.

Payão also spoke with a source connected to the person who carried out the attack on the bank, who explained the process in detail. According to the alleged source, the credentials of the email accounts that control customer data were the main target. Subsequently, the attacker started an API identification process from where the data was extracted to the email system. Finally, he developed a system to extract customer information, which was later compiled into a file. The complete file would have 25GB of information, which would confirm the information for the 22 million affected accounts. However, Payão and TecMundo only confirmed the leak of 64,000 accounts, which was reported by Pan. A second anonymous source that addressed the TecMundo commented on an extortion attempt to prevent disclosure. In other words, there would be a second crime, in addition to the invasion, of which the PAN would be the victim.

frequent leaks

Leaking bank data is frequently on the agenda in major newspapers. Almost four years ago, Banco Inter was the target of this type of crime, which compromised the registration data of 19,961 bank account holders. Of these, 13,207 contained bank details, such as account number, password, address and CPF. More recently, the leaks even affected Pix’s payment system, as reported by CriptoFácil, when 2,112 customers of Logbank Soluções em Pagamentos had their Pix keys leaked. A direct consequence of these leaks is the loss of trust in banking institutions and the increase in care. About 56% of Brazilians say they are very careful with their exposure and adopt protective measures in relation to their data. Read also: Montenegro targets cryptocurrencies and gives citizenship to Vitalik Buterin from Ethereum Read also: Portugal: Bison Bank becomes first traditional bank to transact cryptocurrencies Read also: Apple criticizes Meta for almost 50% commission on sale of digital items in its metaverse