Colombian banks face a potential indirect cyberattack via an external debt collection provider, compromising customer data such as names, IDs and phone numbers. BBVA and Nu Colombia confirmed the incident and activated security protocols. No entity reports access to keys or deposits.
An external debt collection provider suffered unauthorized access, potentially affecting several Colombian banks. Extracted information includes customer names, ID numbers and phones, according to preliminary reports.
BBVA Colombia detected the incident on its provider's platform. "BBVA in Colombia reports that it detected unauthorized access on the technological platform of one of its external providers in charge of debt collection management, which compromises some data from a set of customers," the bank stated. It clarified that affected data does not include keys, passwords or deposit information, as the provider lacks access to them. It immediately disconnected communication channels, started an investigation and notified impacted clients.
Nu Colombia also confirmed one of its providers was hit by illegal data extraction. The entity activated security protocols, is coordinating with authorities and assures no unauthorized access to its infrastructure or direct financial data.
Both banks advise customers to distrust suspicious communications, avoid dubious links and verify directly with official channels any requests for personal information.
