A hacker known as Rootboy has begun daily data dumps from Standard Bank's systems on the dark web since 14 April, following the bank's refusal to pay a 1 Bitcoin ransom. The attack, which started on 27 February, exfiltrated 1.2TB of data from Standard Bank and Liberty. The bank has confirmed exposure of some credit card details but no CVV numbers.
A cyberattack targeting Standard Bank and its subsidiary Liberty began on 27 February 2026, resulting in the exfiltration of 1.2TB of data from internal servers. According to the Prinz Eugen ransomware leak portal, the hackers sought a peaceful resolution but claimed Standard Bank abandoned its customers after two weeks of negotiations.
Rootboy, the threat actor, refused to wait for the 1BTC ransom payment and started releasing stolen data daily on the dark web from 14 April. The dumps have escalated: 5,000 lines of customer data initially, followed by 25,000, 50,000 yesterday—including staff data from SAP—and 100,000 today. The total package contains 154 million rows, including ID numbers, home addresses, and employment details.
Standard Bank confirmed that in limited cases, stolen information includes credit card numbers and expiry dates, but CVV numbers are unaffected. "We are communicating directly with those clients and proactively replacing their cards as a precaution," the bank stated. It added that it has reported the incident to regulatory and law enforcement authorities and is enhancing security measures.
Liberty issued a holding statement signed by CEO Yuresh Maharaj, similar to Standard Bank's, though its website lacks specific details on the breach amid other health-related articles.