No link between Belfius and leaked Belgian customer data, bank says
There is no link between Belfius bank and the leaked data being offered online on a data breach forum according to DataNews, according to the Belgian bank's chief technology officer Bram Somers.
On Monday, DataNews reported that a hacker was selling the data of 300,000 customers of a Belgian bank. Based on test data, DataNews deduced that the customers in question were Belfius customers. The shared data included customers' first and last names, full addresses, phone numbers, dates of birth, and account numbers.
Belfius investigated the matter and concluded that there is no security problem at the bank. "This is a broader problem, not a leak from us," Somers said.
Belgian ethical hacker Inti De Ceukelaire, who also investigated the leak, stated on Twitter that the information is said to be leaked by an employee of a call centre in Turkey or Kosovo. The dataset allegedly includes data from customers of Belfius and the Dutch bank ING.
"This does not mean that these call centres are working on behalf of the banks," De Ceukelaire said. "The seller refers to Belfius and ING based on the SWIFT/BIC code. Many companies store that kind of financial data, this doesn't mean that it comes directly from the bank."
"This is not a call centre working on behalf of Belfius," Somers confirms. The data may have been collected via online purchases and it could be a coincidence that the test data only includes Belfius customers. "This confirms that Belfius had nothing to do with it," the technology officer said. The bank will continue to monitor the situation closely and warn its customers about phishing, Somers adds.
ING also says there are no security issues at the bank. "We have investigated the situation and talked to our IT people and we have not identified any security problems," says spokesperson Gianni De Muynck. "We are investigating the matter further and ask customers to remain vigilant for possible phishing."
© BELGA PHOTO ELISABETH CALLENS