
Alert! Sensitive data belonging to two prominent banks was stolen and leaked

The infamous IntelBroker hacker claims to have breached a third-party contractor and stolen sensitive data belonging to two prominent banks in the United Kingdom: HSBC and Barclays. The hacker has already leaked a substantial portion of the alleged compromised information on Breach Forums, a notorious hub for cybercriminal activity, and the data is now circulating on several prominent Russian-language forums.

Details of the Breach

According to a post by IntelBroker, the breach occurred in April 2024 when the third-party contractor, which remains unnamed, was compromised. The hackers, IntelBroker and an associate known as “Sanggiero,” claim to have exfiltrated a variety of sensitive files including:

  1. SQL Files
  2. Source Code
  3. Database Files
  4. Certification Files
  5. Compiled JAR Files
  6. JSON Configuration Files
  7. Email addresses (over 500,000, but once duplicates are removed the number decreases to only 81 unique addresses)

The leak appears to include a mix of technical and potentially sensitive information that could pose significant risks if exploited by malicious actors.

The leaked data, though not a complete dataset, is significant in scope. The information could provide hackers with the resources needed to carry out subsequent attacks on HSBC and Barclays customers or internal systems.

Additionally, the inclusion of source code and compiled JAR files is concerning because it could reveal insights into the internal workings of the banks’ software systems. Certification files and JSON configuration files might also provide crucial details that could be used in sophisticated phishing attacks or to exploit vulnerabilities in the banks’ infrastructure.

Third-Party Risk Management

This incident shows the challenges financial institutions face in managing cybersecurity risks associated with third-party contractors. In recent years, several high-profile data breaches have been traced back to vulnerabilities in third-party systems, emphasizing the need for robust vendor risk assessment and management strategies.

In the United Kingdom, data breaches related to third-party contractors have become quite common. In October 2023, a contractor data breach exposed over 500,000 Irish Police vehicle seizure records. In September 2023, a contractor data breach impacted 8,000 Greater Manchester Police officers. In August 2023, an IT contractor suffered a data breach which exposed 47,000 Metropolitan Police Force personnel.