Cyberattack Targets Major Colombian Banks: Data Leaks Surface on Dark Web

By Thomas | Published on April 9, 2026

Cybercrime

A recent cyberattack appears to have compromised sensitive data from two of Colombia’s most prominent financial institutions: Grupo Bancolombia and Banco de Bogotá. Threat actors have posted samples of the allegedly stolen data on underground forums, claiming they have access to extensive customer information. While the full scope of the breach is still unconfirmed, the leak has raised significant concerns over potential risks to millions of individuals.

The Alleged Breach

Grupo Bancolombia, one of Latin America’s largest banking groups, with over 30 million customers across several countries, is among the victims reported by Cybernews. The threat actor shared screenshots and files on DarkForums that were allegedly taken from the bank’s internal content management system. These files appear to show limited customer data, such as names and login/logout timestamps for users of the bank’s digital services.

In addition to these system-related files, the hackers also posted three PDF documents containing customer and advisor records. These documents reportedly included full names, geographical information, and details about customer insurance plans. While the information is somewhat limited, researchers have pointed out that this kind of data could be cross-referenced with other leaks to target specific individuals. However, no direct contact details, like phone numbers or email addresses, were included in the disclosed information.

Banco de Bogotá

The same threat actor also claimed to have breached Banco de Bogotá, which has nearly 10 million customers. The hacker posted a smaller dataset in comparison to the one from Bancolombia, containing around 30 records with full names, phone numbers, and physical addresses. While the leak seems less substantial, the inclusion of direct contact information poses a greater risk. Cybersecurity experts suggest that this kind of data could facilitate social engineering and phishing attacks, making those affected particularly vulnerable to fraud.

Potential Risks

One of the greatest dangers posed by these types of leaks is the ability of threat actors to cross-reference data across multiple breaches. For example, while the leaked data from Grupo Bancolombia may seem harmless in isolation, it becomes more dangerous when combined with other compromised information. Threat actors could potentially link customer names and login timestamps to phone numbers from the Banco de Bogotá breach or previous leaks involving telecommunications companies.

This combination of data allows attackers to craft highly targeted phishing emails or scam calls. By mentioning specific insurance plans or referring to recent banking activity, hackers could convincingly impersonate bank representatives and trick customers into disclosing additional sensitive information. In this sense, even relatively small leaks can have wide-reaching consequences when combined with other exposed data.

What Can Customers Do?

For customers of both Grupo Bancolombia and Banco de Bogotá, the leak serves as a reminder of the persistent threats posed by cybercriminals. If the hackers’ claims are true, millions of individuals are potentially at risk. Those affected should remain cautious and vigilant for any unusual activity related to their bank accounts. While both banks have yet to confirm the breaches, customers should be alert to any suspicious communications they receive, especially those asking for personal information or claiming to be from bank representatives.

Conclusion

The claims of a major breach targeting two of Colombia's largest financial institutions have surfaced on the dark web, with threat actors leaking sensitive customer data. While the exact scale of the breaches remains unverified, the disclosed information poses serious risks to affected individuals. As cybercriminals increasingly leverage cross-referenced data to execute more sophisticated attacks, both institutions’ customers must remain cautious and prepared. Until further details emerge, these attacks highlight the ongoing vulnerabilities within the financial sector and the persistent threats facing users worldwide.
