Standard Bank has confirmed that client data stolen in a cyber incident first disclosed on 23 March 2026 has now been published online. The leaked information includes client names, ID numbers, contact details, account numbers, and a limited set of credit card details (card numbers and expiry dates, but not CVVs). A threat actor using the handle 'ROOTBOY' claims to have spent three weeks inside the bank's network, exfiltrating approximately 1.2TB of data, and is demanding one bitcoin to halt further releases. Standard Bank has not confirmed or denied a ransom demand. The bank's subsidiary Liberty Group disclosed a related but separate breach the following day. Standard Bank is proactively replacing affected cards, enhancing fraud monitoring, and urging customers to update passwords and enable biometric authentication.
Table of contents
Read: Africa bears the brunt of global ransomware attacksRead: Ransomware attackers claim hit on Methodist Church of Southern AfricaSort: