Investigations are ongoing into a data breach at Standard Bank Group, after the lender confirmed that more customer information was accessed and shared online. The bank said its internal review is still in progress, and early findings show that additional personal data, including more credit card numbers, was exposed.
The incident was first disclosed on March 23, 2026, following reports that a threat actor identified as “ROOTBOY” gained unauthorised access to the bank and Liberty systems on February 27. As investigations continue, the scope of the breach has widened to include credit card numbers and expiry dates, alongside personal details such as names, ID numbers, phone numbers, and physical addresses. In some instances, passport and driver’s licence details were also affected.
Standard Bank has maintained that there is no indication so far that the stolen data has been misused, even as the scale of the breach continues to raise concern. The attacker has claimed to have extracted 1.2 terabytes of data after remaining undetected in internal systems for weeks, and has reportedly been releasing the information in stages since April 14 after demanding R1.2 million in bitcoin.
The ongoing investigation is also examining claims that the attacker moved across multiple systems, including Microsoft SharePoint, OneDrive, Power Apps, Microsoft platforms, and Oracle SQL databases, and accessed internal documents as well as employee information. The bank noted that external experts are supporting the investigation, while the matter has been formally reported to regulators, including the Information Regulator.
As the probe continues, Standard Bank has expanded its customer notifications and urged users to take precautionary steps. Customers have been advised not to share PINs, passwords, or one-time passwords, to update their banking and social media credentials, enable biometric authentication where possible, and report any suspicious activity immediately.
Sasini PLC has announced the appointment of Catherine Kawira Bariu as its new Company Secretary,…
Electric mobility company SPIRO is set to deepen its footprint across Africa after securing a…
Ride-hailing company Bolt has dismissed reports claiming it is preparing to exit the Kenyan market,…
Lenana School has temporarily released all students following disturbances that occurred during night preparation classes,…
A dormitory at Sameta Boys High School in Kisii County caught fire on Monday afternoon,…
Heineken has secured temporary relief in its long-running dispute with businessman Ngugi Kiuna after the…