The personal data of 300,000 Belfius bank customers have been put up for sale by a hacker on the internet, according to information published Monday by the Belgian media DataNews. In particular, the address and telephone number of certain customers are visible. Belfius has informed Belga that it is not aware of any security issue or data leak.
Personal data would include customers’ identity, address, phone number, date of birth, account number and IBAN. However, the sample data contains multiple duplicate records, so the actual number of affected customers may be slightly lower.
Call center data
The list, however, would not include financial details such as the status of accounts or transactions made, according to DataNews. The author claimed that the data came from call centers and that it had never been released this year, without specifying whether it was from Belfius call centers or outside the bank.
Those who buy the data would thus have the opportunity to impersonate the bank and defraud the victims of these leaks through phishing emails or by telephone. They might also pose as one of the victims in order to commit further identity fraud.
Belfius spokeswoman Ulrike Pommée told Belga that the bank was not aware of a data leak. “There is no indication of a security issue or data leak“, she clarified. “We will analyze the situation in detail.“
However, the bank recommends the greatest caution to its customers…
