SANTIAGO – On Wednesday night there was a massive leak of customer data of Chilean banks after hackers gained access to some 14,000 credit card numbers before publishing the credit card numbers, expiration dates and security codes online.
Although the attack was mainly aimed at the Bank of Chile, there were at least 12 other entities involved, including the BCI, Falabella, Santander and BancoEstado banks.
In a brief statement, Banco de Chile said that “about the incident that affected about 14 thousand credit cards of industry banks, among which there were only 497 active Banco de Chile cards, we activated our security protocols and blocked these cards in a preventive manner.”
Later the bank stated that its clients “have already been duly informed, who will have their new cards available as soon as possible.”
Other banks also notified clients of the intrusion. For its part, the BCI Bank reported that it also blocked the credit cards whose data were filtered.
Comunicado @SBIF: Actualización de información: incidente de seguridad de tarjetas de crédito. Lea completo este comunicado aquí: https://t.co/NUGxCn3mip pic.twitter.com/1z7STqDH8t
— SBIF (@sbif) July 26, 2018
The Superintendency of Banks and Financial Institutions (SBIF), said the hack was carried out by a mysterious group called the Shadow Brokers, known for hacking the NSA in the United States in 2016.
The government’s bank regulatory agency also filed a complaint with the Central North Metropolitan Regional Prosecutor on Thursday afternoon, requesting the investigation of the facts that led to the disclosure of a file with credit card information.
The complaint was filed by the deputy superintendent, Osvaldo Adasme, and gives an account of the events that began with a publication on the social network Twitter, where access is given to a file with information on more than 14,000 credit cards.
The document states that “provided that the information on a credit card is maintained and administered on the computer systems of the issuing and operating institutions, as well as on the establishments that accept such means of payment, the events described could be framed within the criminal offenses referred to in articles 2 and 4 of Law No. 19,223, on criminal statuses relating to information technology, which punish those with the aim of seizing, using or knowing wrongly the information contained in a system of treatment of the It intercepts, interferes or accesses it, and maliciously reveals or disseminates the information contained in an information system.”
Banco de Chile accuses computer specialist of stealing US$700,000
In June, Banco de Chile, one of the biggest in this country, said hackers robbed it of $10 million (Dh36 million).
That hack was carried out from eastern Europe or Asia and some of the money ended up in Hong Kong, the bank said.