Hacker stole 1.2T of data from Standard Bank of South Africa

The Standard Bank of South Africa has admitted that malicious actors stole vast amounts of data from its network, but said the data was taken from internal administrative and document filing systems and not core banking systems.

 

The bank first announced the data security incident in a notice on its website on March 23, stating that some of its data was subject to unauthorised access. The bank said it quickly took steps to secure its environment and launched an investigation into the incident with help from cyber security experts.

 

“Our transactional systems remain secure and operational, and available to all our clients and employees,” the bank said. “The safety and security of our clients’ information is, and remains, our top priority. We operate within a robust regulatory framework and fully comply with all applicable obligations.

 

“We will directly notify the select number of clients that are affected. We have increased our monitoring and encourage our clients to remain vigilant.”

 

The bank added that the data security incident did not affect its transactional banking systems and therefore, all customer accounts remained secure and operational. It, however, admitted that data related to some clients had been compromised and it would notify them individually.

 

Headquartered in in Johannesburg, Standard Bank is Africa’s largest bank in terms of customer base and the volume of assets. As of December 31, 2025, the bank had total assets worth $218.31 billion, employed over 54,000 people, and operated in over 20 Sub-Saharan African countries.

 

The bank issued another update on April 2, stating that the compromised data included certain clients’ names, ID numbers, company registration numbers, phone numbers, email addresses, and bank account numbers. 

 

In its latest update on the data security incident, the bank admitted that the hackers who accessed parts of its network had made certain client and company-related data public. The stolen data was taken from the bank’s internal administrative and document filing systems and not transactional banking and core operating systems.

 

The disclosure followed a threat actor using the pseudonym "Rootboy" claiming that they had accessed Standard Bank’s systems for about three weeks and exfiltrated about 1.2 terabytes of data that included more than 154 million SQL database rows.

 

“In late February, access was gained to Standard Bank and Liberty’s systems,” Rootboy said in an online post. “This access was maintained for just over three weeks as we moved through Sharepoint, OneDrive, Power apps, App Dynamics, Jira, Confluence, Citrix, Remedy, Microsoft and Oracle SQL databases, and a number of native applications.” Rootboy added that the stolen data included customer records.

 

Standard Bank said that considering a lot of sensitive data has been made public, it is actively engaging with clients who have been impacted and is taking steps to ensure that the stolen data is not misused to target or defraud them.

 

“Protecting our clients remains our highest priority and we have, therefore, implemented a range of proactive measures, including enhanced monitoring of credit bureau activity, additional transaction monitoring and fraud detection across our platforms,” Standard Bank said.

 

“Additional proactive precautionary steps continue to be implemented to further safeguard affected clients. We also encourage our clients to remain vigilant.

 

“As a trusted financial services provider, as we proceed with the intensive investigation process, we have complied with applicable regulatory notification requirements and will continue to cooperate with the relevant authorities,” it added.