-
According to a claim made by an individual or group on the messaging platform Telegram, they have information related to bank card details associated with an undisclosed Israeli bank.
-
This dataset includes very sensitive data such as Social Security Numbers (SSNs), credit card numbers, and other forms of IDs.
-
Should the claim prove to be accurate, it may put all individuals in the affected area at risk of identity theft and/or fraud.
According to a report from Dark Web Informer, a threat monitoring account on X, a cyber threat group on Telegram, has claimed that they have leaked bank card information that belongs to customers of an unconfirmed Israeli bank.
History and Context of the Situation
For many years, most, if not all, Israeli banks have been the most targeted by cybercriminal groups. This targeting has expanded to major corporations, as seen in the recent heist of 547 GB of data from the Israeli company DGM.
Cybercriminal activities directed at financial institutions in Israel have increased dramatically, largely due to the political instability and the significant increase in cybercriminals and hacktivist-type individuals and organizations.
The formatting used by threat groups to create a profile on Telegram has become an increasingly popular method. It’s now used by the criminal underworld to advertise future data breaches, shed samples of their stolen data, or provide links to where to access their complete database.
So many claims exist, including many that are proven fraudulent and may be fabricated or duplicate data, thus requiring independent verification to evaluate their effect on real-life applications. Yet, cybercriminals can exploit unverified leaks for phishing schemes, card-not-present fraud, or social-engineering attempts.
Overview and Updates
In a Telegram post allegedly from a threat actor called “AssassinCode”, the poster claims that this is an initial release of credit-card data from Israeli Banks. Online screenshots reference Israeli banks and card systems and show that a limited amount of cardholders’ data has been leaked to the public.
Per the information in the Telegram post, this information purportedly contains:
- Cardholder name
- Social Security/ National ID number
- Date of Birth
- Bank name
- Country, City, and principal postal code
- Email address and phone number
- Complete mailing address
- Type/class of Card
- Complete Card number
- Date of Expiration
Experts advise users to exercise caution when downloading PDF files from unknown or suspicious sources on Telegram.
Cyber security professionals recommend that users only click through to URLs sent to them on Telegram by either legitimate institutions in Israel or reputable companies that are members of the cyber community. Every download from a suspicious URL may include malware, a fake PDF, or corrupted data due to the nature of such URLs.
No Israeli bank has named the banks involved to date; therefore, there has been no confirmation from the Israeli banks as to whether the dataset(s) provided are real/able to be verified. There are also no ways to verify the authenticity, quantity, size, and/or completeness of the dataset(s) via an independent entity.
No regulator or banking authority in Israel has made any notes with regard to these allegations. Security experts typically advise users to verify before believing any Telegram leak announcement until the banks involved or via a forensic investigation confirm the veracity of said leak announcements.
Cybercriminals utilize small pieces of samples to garner attention or induce institutions into engaging in negotiations when the dataset(s) may contain partial or outdated information.
Significance of the Information
The post reveals data that cybercriminals could use for financial fraud, including identity theft, or for phishing attacks, particularly targeting Israeli citizens. The primary destination for such stolen data is often the dark web marketplace, where large batches of card details are routinely listed for sale, as recently seen with the discovery of 1,800 UK bank cards on a dark web platform.
Banks must issue new cards to customers whose information a limited leak exposed. They must also monitor for any fraudulent activity on their customers’ cards, and notify all impacted Customers.
Cybercriminals will continue to exploit public channels in order to communicate with their victims and convince potential recruits through attack campaigns focused on financial infrastructure on a larger scale. The profits from such fraud and data theft often fund other extensive dark web operations, as seen in the recent takedown of the multi-million dollar fake pharmacy network, ‘SocialPharma,’ by UK cyber police.
Customers should remain vigilant and check all of their accounts periodically for any potential unauthorized charges and any security alerts provided by their bank.
