(Rico’s Digest) “To our great regret, executives, employees, regulators, Visa and Master Card are not interested in the data breach that we talked about for a month.
“We apologize to all Banco BCR clients and all those who were using its services to publish their personal data. We regret that Banco BCR and regulators do not care about their clients and their personal data.”
That is the message by the cybercriminal group Maze, which claimed at the beginning of the month to have hacked the security systems of the Banco de Costa Rica (BCR), concretized hours ago its threat to disclose information regarding the numbers of bank cards that were “stolen” and which it claims to belong to the BCR.
On May 5, the group issued a statement in which it said: “Probably the Banco de Costa Rica lives in its own reality (…) and does not care about its customers or the confidentiality of the information.”
According to a report by Delfino.cr, Maze assured that the first attack on the BCR was carried out in August 2019 and although the current protocols require that the institution have reported this violation to the authorities. It did not do so.
The second attack was alleged to have taken place in February this year and that is where they claimed to have stolen information of 11,000,000 credit cards, including card information and transaction history.
The BCR has repeatedly denied having suffered an attack and assured that the entire plot responded to an extortion attempt. The bank then indicated that it would not negotiate with Maze:
Esteban Jiménez Cabezas, cybersecurity expert and chief technology officer for cyber defense company ATTICYBER, released the statement and translated it:
The BCR’s response:
Basically the bank is putting the onus on its customers to maintain strict security protocols, by not giving away log-in credentials, only use a secure connection and that BCR staff will not ask for account information by phone or email.
Who do you believe?
Me, I stopped using the BCR some time ago. I do keep my account open, but with no funds, the procedures forclosing it is just not worth my time.