Hacker Leaks Data Allegedly Stolen From HSBC and Barclays Banks

The data of major global banks HSBC and Barclays has reportedly been compromised and leaked on the popular hacker forum BreachForums.

The breach, disclosed on May 8, 2024, by a notorious hacker/data broker known as ‘IntelBroker,' involves a massive volume of sensitive data, including database files, certification files, source code, and numerous transaction records.

HSBC and Barclays are prominent figures in the banking sector. HSBC, headquartered in London, operates across 64 countries with over 40 million customers, boasting assets of approximately $2.9 trillion as of 2023. Barclays, also based in London, serves around 48 million customers and had assets totaling roughly $1.5 trillion in the same year. The breach poses a significant risk given the extensive global reach and the financial information these institutions handle.

The breach reportedly occurred in April 2024 through a contractor directly associated with both banks, although the specific contractor has not been identified in the disclosures. The leaked files include:

• Database Files
• Certification Files
• Source Code
• SQL and JSON configuration files
• Compiled Jar files

Additionally, specific data sets such as “notary_request_2024.csv” and “ledger_summary_2024.csv” containing hundreds of thousands of lines of detailed transaction data were made available. Although the precise number of impacted individuals is not disclosed, the volume of data suggests that millions of records might be affected.

The disclosed data encompasses extensive transaction details including account numbers, transaction IDs, and transaction types, posing a severe risk of financial fraud and identity theft for individuals and entities involved. Moreover, the release of source code and configuration files can provide malicious actors with deeper insights into the banks' operational frameworks, potentially paving the way for further exploits.

IntelBroker, who claims responsibility alongside another user, Sanggiero, offered the data nearly for free on the forum, charging just four credits on BreachForums. This nominal fee suggests a potential motive to disrupt or tarnish the reputation of the targeted institutions more than profiting directly from the stolen data, which is something IntelBroker has done many times in the past.

As of the last report, neither HSBC nor Barclays has confirmed the breach, so the hacker's claims remain unverified.

Out of an abundance of caution, customers of the mentioned financial institutes are recommended to reset their e-banking passwords, regularly check their bank statements and account activity for any unauthorized transactions, and consider placing fraud alerts on their credit reports.