Lawrence Abrams reports on a new “press release” from the Maze ransomware operators. The release was posted yesterday and claims that the Maze Team had successfully attacked Banco BCR, the state-owned bank of Costa Rico in August, 2019
The attackers claim that the bank never complied with its obligations to notify other banks and regulators. And when the attackers revisited the situation in February, 2020, they found that they could still access data.
This time, they claim, they did not encrypt the data, saying that it “was at least incorrect during the world pandemic,” but claim to have stolen a few years of data, including 11 million credit cards.
Of these credit cards, 4 million are stated to be unique and 140,000 allegedly belong to people from the USA.
The attackers posted a sample of redacted credit card numbers as proof.
Read more on BleepingComputer. If you had or have an account with that bank, you should contact them to check on the status of your account. You may want to freeze it. Then again, if their security is as bad as Maze Team would have us believe, you may wish to consider canceling it altogether.
DataBreaches.net reached out to BancoBCR yesterday to request a comment on the claims, but has not received any reply from their media contact or any of the four other executives and employees who were contacted. I see that Abrams hasn’t received any reply yet, either.
This post will likely either be updated or a follow-up post written as more information becomes available.