Investigations are ongoing into a data breach at Standard Bank Group, after the lender confirmed that more customer information was accessed and shared online. The bank said its internal review is still in progress, and early findings show that additional personal data, including more credit card numbers, was exposed.
The incident was first disclosed on March 23, 2026, following reports that a threat actor identified as “ROOTBOY” gained unauthorised access to the bank and Liberty systems on February 27. As investigations continue, the scope of the breach has widened to include credit card numbers and expiry dates, alongside personal details such as names, ID numbers, phone numbers, and physical addresses. In some instances, passport and driver’s licence details were also affected.
Standard Bank has maintained that there is no indication so far that the stolen data has been misused, even as the scale of the breach continues to raise concern. The attacker has claimed to have extracted 1.2 terabytes of data after remaining undetected in internal systems for weeks, and has reportedly been releasing the information in stages since April 14 after demanding R1.2 million in bitcoin.
The ongoing investigation is also examining claims that the attacker moved across multiple systems, including Microsoft SharePoint, OneDrive, Power Apps, Microsoft platforms, and Oracle SQL databases, and accessed internal documents as well as employee information. The bank noted that external experts are supporting the investigation, while the matter has been formally reported to regulators, including the Information Regulator.
As the probe continues, Standard Bank has expanded its customer notifications and urged users to take precautionary steps. Customers have been advised not to share PINs, passwords, or one-time passwords, to update their banking and social media credentials, enable biometric authentication where possible, and report any suspicious activity immediately.
