Interbank: Data Breach and Digital Security Crisis in the Peruvian Financial Sector

On October 30, Interbank, one of Peru's largest and most recognized banking institutions, suffered a significant disruption in its systems that affected the bank's digital services, including online banking and the mobile application. The failure of these services caused great concern among its users, who were unable to access their accounts or carry out transactions, generating a wave of doubts about the reliability of the system.

The first few hours were crucial in the Interbank incident, as there was no immediate official communication, and rumors began circulating that the incident could have been caused by a cyberattack, further exacerbating the nervousness among customers. This speculation was quickly fueled by an account on X (formerly Twitter) known for posting information about cybercrime activities, giving more visibility to the rumor of a possible hack of Interbank and causing concern on social media.

This situation led Interbank to issue a statement acknowledging that, indeed, the incident involved a data breach, thus confirming the suspicions of a digital security problem. This acknowledgment triggered a series of investigations not only within the financial institution itself but also by cybersecurity agencies in Peru, who are assessing the scope and potential causes of the breach.

In the process, questions have arisen regarding Interbank's initial response, as well as the preparedness of the Peruvian financial sector in the face of cyber threats. This case, now involving multiple actors, is sparking an important debate about the need to improve cybersecurity infrastructure in the country and strengthen legislation and response protocols for incidents like the one at Interbank.


Chronology of the Data Breach: From the System Outage to Interbank's Confirmation

On Monday, October 30, Interbank experienced an interruption in its digital services that prevented customers from accessing accounts, transferring funds, and performing other banking operations.

This incident at Interbank was preceded by an outage on October 20, which also caused difficulties on its digital platforms, although at that time, the bank attributed the issue to a "system interruption" without providing further details. However, the second outage at Interbank led to a wave of speculation on social media, fueled by rumors of a cyberattack.

As Interbank's customers expressed their frustration, a social media account dedicated to cybercrime posted information suggesting that the data of millions of Interbank users had been compromised and was being used in cybercrime forums.

This revelation was the first public indication that the outage in Interbank's services could have been caused by a massive data breach. However, Interbank remained silent until the next day when its CEO, Carlos Tori, confirmed that it was indeed an extortion case.

According to Interbank, the leaked information included personal data from some clients, but the bank tried to reassure its user base by stating that no critical financial data or passwords had been compromised.

This confirmation from Interbank, however, left many questions unanswered and did not quell the concern among customers and the Peruvian financial sector in general. The data protection authority and the Superintendence of Banking, Insurance, and Pension Fund Administrators (SBS) launched investigations, demanding answers regarding the magnitude of the incident and the lack of immediate communication from the bank.

Extortion and the Revelations of “kzoldyck”: An Evolving Threat

While Interbank was handling the fallout from the disruption of its services, an attacker under the alias “kzoldyck” or “m0riarty” began posting on cybercrime forums and sending emails to the bank's executives, detailing the extortion negotiations they claimed to have had with Interbank. This cybercriminal alleged having accessed 3.7 terabytes of Interbank's information, potentially affecting more than three million customers.

In their messages, the attacker claimed to have started negotiations with Interbank on October 22, demanding a ransom of four million dollars in exchange for not disclosing the information. According to the attacker, Interbank did not comply with the payment, prompting the hacker to begin publishing samples of the stolen data online.

The files shared by the attacker included names, identification numbers, and other personal details of customers, though there was no confirmation of access to passwords or account numbers.

The attacker also claimed to have an infiltrator within Interbank, or at an associated company, who allegedly facilitated access to the bank's internal systems. This claim was not confirmed, but it revealed a sophisticated strategy that departs from typical external hacking and points to a weakness in the internal access controls of the institution.

This aspect has been one of the most concerning elements of the case, as it suggests the possibility of an internal collaboration network that facilitated the attack and represents an ongoing danger to the bank's digital security.

Details of the Intrusion: Access to Interbank’s Servers

The way the attacker, “kzoldyck,” gained access to Interbank’s systems is particularly relevant for understanding the vulnerabilities that facilitated this data breach. In a sample of the stolen files, a script was found that detailed access to Interbank’s databases, apparently using valid credentials that allowed the attacker to navigate through the customer information structure.

This suggests that the cybercriminal had considerable access to Interbank's internal systems, indicating that it was not a simple external intrusion, but rather a failure in internal security controls.

Additionally, a U.S.-based company, New Relic, responsible for monitoring Interbank's systems, became involved in the investigation after it was revealed that a recent attack on its systems could have served as a channel to facilitate the hacker's entry into the bank’s servers.

Although Interbank and New Relic have not explicitly confirmed this theory, the possibility of a connection between the two incidents has led Peruvian authorities to expand their investigations to assess the security controls and data management practices of all of Interbank's service providers.

The Superintendence of Banking, Insurance, and Pension Fund Administrators (SBS) is overseeing these investigations, and while Interbank claims to have strengthened its security controls, the incident has sparked a debate over the preventive and reactive measures that financial institutions must adopt to protect their customers in today’s digital world.


Regulation and Accountability: The Response of Authorities and SBS

In Peru, the regulatory framework regarding personal data protection requires both private and public companies to implement strict controls over access to and processing of users’ personal information.

The Personal Data Protection Law's regulations stipulate that any incident that could compromise data security must be immediately reported to the National Authority for the Protection of Personal Data. Moreover, in the case of financial institutions, SBS demands notification of cybersecurity events that could affect the financial stability of clients.

Despite these requirements, Interbank did not immediately notify authorities about the incident, which has led to questions about whether the bank complied with its legal obligations. SBS launched an investigation to determine whether the bank followed the reporting protocols and acted with due diligence to mitigate the effects of the breach.

If negligence is proven, Interbank could face penalties, including fines and corrective measures to strengthen its security systems.

Meanwhile, the National Authority for the Protection of Personal Data is also evaluating the impact of the breach and the extent of the data exposure. Authorities are working to determine whether Interbank maintained an adequate control system over its databases and implemented necessary mechanisms to prevent unauthorized access.

This incident has highlighted the need to update and strengthen cybersecurity regulations in Peru, especially in a context where digital threats are increasingly sophisticated and frequent.

Impact on Clients and the Financial Sector: Concerns and Protection Measures

The Interbank case has generated strong concern among its customers, who fear their personal data may be used for fraudulent activities. While Interbank has sought to assure customers that the exposed information does not include sensitive transaction data, the leak of personal details alone poses a significant risk.

Cybersecurity experts have warned that the exposed data from Interbank could be used for phishing attacks, identity theft, and other fraudulent activities that put users at risk.

Moreover, this incident has raised alarms throughout the Peruvian financial sector, as it has highlighted the need for stronger protection systems and cybersecurity incident response measures.

Banks and financial institutions have been warned by SBS about the importance of implementing more robust protection measures, including data encryption, multi-factor authentication, and continuous monitoring of their systems to detect unauthorized access.

Consumer trust in financial institutions is essential for the stability of the banking system, and the Interbank case could have a long-term impact on the public’s perception of security. Financial institutions are evaluating how to improve their security protocols and communication with clients in the event of incidents, as transparency and prompt responses are crucial to maintaining public trust.

Cybersecurity in Peru: Other Cases and Interbank’s Context

The Interbank case is not the first of its kind in Peru. In recent years, several government and private entities have suffered cybersecurity incidents that have compromised the personal data of thousands of citizens.

For example, the National Registry of Identification and Civil Status (Reniec) suffered a breach that exposed the data of millions of Peruvians in 2022. Similarly, the National Police of Peru (PNP) was also targeted by attacks that compromised sensitive information about ongoing investigations and police operations.

These incidents reflect a context in which the country’s digital infrastructure still lacks the necessary protection mechanisms to face growing cybercrime threats. In the financial sector, the challenge is even greater due to the sensitivity of the data and the high exposure of banking systems that handle monetary transactions and critical data.

The Peruvian government has begun working on developing a national cybersecurity policy, but experts insist that strengthening cooperation between the public and private sectors is essential. The creation of a specialized cybersecurity team and investment in advanced technology for data protection are critical to addressing the digital threats affecting the country.


The data breach at Interbank represents a turning point for the financial sector in Peru and highlights the vulnerabilities faced even by the country’s largest institutions. This incident not only affects Interbank’s reputation but also risks undermining customer trust across the entire Peruvian banking system, exposing the urgent need for stronger security systems.

Furthermore, the Interbank case underscores the importance of implementing a coordinated response to cybersecurity incidents, one that goes beyond containing the threat and prioritizes transparent and timely communication with those affected. The lack of clarity or delays in providing information to Interbank's customers could exacerbate the impact of the incident, affecting both public perception and the trust relationship between users and the bank.

The importance of an effective response to a digital security crisis extends to all business sectors handling sensitive data, highlighting the need for clear and strict protocols. This involves, among other measures, the implementation of advanced monitoring and threat detection tools, which allow for the early identification of unauthorized access attempts, as well as continuous staff training in cybersecurity practices.

Moreover, crisis response plans should include proactive communication mechanisms that keep clients informed and provide concrete recommendations for protecting their personal information. These actions not only help mitigate the immediate impact of the incident but are also crucial for strengthening the organization’s resilience against future threats.

In this context, the breach at Interbank highlights the gaps in cybersecurity legislation in Peru, where current regulations may not be up to par with the growing digital threats facing the country. The need to review and update personal data protection laws becomes evident, as technology and cybercrime techniques evolve rapidly.

Implementing international standards in data protection and cybersecurity would not only strengthen the regulatory framework but would also encourage companies to adopt more rigorous practices and employ state-of-the-art cybersecurity defense systems. Such legislative measures should also include specific sanctions that incentivize compliance with security protocols and foster a solid cybersecurity culture within the business sector.

Finally, Interbank's experience serves as a strong reminder for authorities and private companies to reinforce cooperation on cybersecurity matters, promoting joint initiatives to improve the country’s data protection infrastructure. Additionally, the development of a national cybersecurity policy would be a key step in addressing the growing threats of cybercrime and protecting the sensitive information of Peruvian citizens.

This Interbank case should serve as a lesson for the country to make significant strides toward creating a safer digital environment, not only for the financial sector but for all industries that depend on the trust and security of their digital systems.
