Standard Bank and Liberty Suffer Major Data Breach Impacting 1.2TB of Records
Learn More
Standard Bank, a major financial institution in South Africa reports a data breach on March 23, 2026. The incident is related to the breach of their insurance subsidiary Liberty, which was reported at the end of March 2026.
A threat actor known as "Rootboy" claimed responsibility for the attack on a dark web forum and asserts they maintained access to the bank's network for over three weeks starting in late February.
The attackers moved through several internal platforms, including SharePoint, OneDrive, Jira, and Confluence. They also accessed Citrix environments and Microsoft and Oracle SQL databases to steal data. Rootboy claims to have stolen 1.2 terabytes of information, which allegedly includes 154 million database rows. Standard Bank stated that its core transactional banking and operating systems remained secure and were not part of the breach.
The compromised data allegedly includes:
- Customer and company names
- Identity (ID) and business registration numbers
- Bank account numbers
- Credit card numbers and expiry dates (limited subset)
- Contact details including phone numbers, physical addresses, and emails
- VAT registration numbers and B-BBEE categorization
The nature of the attack and the number of affected individuals is not disclosed.
Standard Bank isolated the affected systems, started an investigation and notified relevant authorities. For customers with exposed credit card details, the bank is replacing cards and adding extra transaction monitoring. The organization is contacting affected clients directly and has increased fraud detection across its digital platforms.
