Hacker Reportedly Breaks Into Access Bank Database, Steals Personal Data, BVN Of Over 2,000 Customers

A software technician has allegedly hacked into the database of Access Bank, stealing personal data of thousands of customers of the bank.

The Hacker, Chris Ihebuzo claimed that BVN, account numbers, personal information and “encrypted passwords” of the bank were compromised in the hacked server.

According to Ihebuzo, his motive was not to steal customers’ money but to expose how unsecured the Access Bank database was as at the time he hacked into the bank network adding that he could debit their accounts without their consent going by the information at his disposal.

The hacker in a video which has gone viral printed out customers’ accounts, including their BVN, account numbers, and other details.

Reports say Customers of Access bank are doing panic withdrawal of the money over the alleged claims which has gone viral on social media.

Reacting to the claims, Access Bank, however, assured its customers of the safety of their money.

“Our attention has been drawn to some social media reports claiming a data breach of our systems,” Amaechi Okobi, Access Bank’s Head of Corporate Communications said.

“Access Bank herewith confirms that there is no cause for alarm. We would like to reassure all our stakeholders and the general public of the security and integrity of our banking platforms which at this time are the best-in-class.”

“Criminals have posted pages purporting to contain customer account information. We’ve alerted law enforcement agencies and ask that you ignore the post. There is no threat to your account balances.

“Pls. continue to follow security protocol by never sharing your account details, Access Bank said.

BIGPEN recalls that on August 25, Bank Security, a Twitter handle focused on bank security threats, had reported that the database of Unity Bank, a Nigerian commercial bank, was being shared online on hacker forums.

One hacker claimed they had shared “only small dump” from the bank, and said “bigger dumps coming [sic] soon”. 

At least three other hacker forums have since reportedly shared the same database, according to Bank Security.

According to a report in TechCabal, Bank Security, which was the first to disclose the alleged breach said it was a database file “containing PII data of over 53k customers.”

But on close examination of the SQL script and data posted online, the data is not customer information but recruitment data from a possible past enrollment exercise. However, this does not mean the data leak is any less serious.

The leaked data included people’s names, house addresses, emails, phone numbers and their dates of birth. In the wrong hands, this could be dangerous.

The alleged breach of Unity Bank’s database comes at a time when cybersecurity is becoming a rising topic in Nigeria.

However, in a statement, Unity Bank, which did not explicitly deny the breach or dismiss the associated data, said; “Our attention has been drawn to social media reports purporting a data breach of our systems,” Unity Bank said.

“For the avoidance of doubt, Unity Bank wishes to reassure all customers that we take the protection of their personal information very seriously in accordance with data protection legislation.

“The Bank hereby reassures its customers and the public at large, of the integrity of its systems, controls of which are continually enhanced in line with best practices, to forestall attempts at compromising confidential data.”