Bank Rakyat Ransomware Attack Exposes 463GB of Financial Data

What Happened

On September 10, 2024, Malaysian financial institution Bank Rakyat was compromised by the Hunters International Ransomware-as-a-Service (RaaS) group. The attackers successfully exfiltrated a massive 463GB of data, comprising 144,015 files. Despite initial assurances from the bank that its systems were secure, the full dataset was leaked online by the threat actors on September 17, 2024.

Impact

The compromised data is highly sensitive and includes customer account details, suspicious transaction records, financial statements, and confidential CCRIS (Central Credit Reference Information System) data. The public release of this information exposes Bank Rakyat's customers to significant risks of financial fraud, identity theft, and targeted phishing campaigns. The scale of the breach indicates a severe compromise of protected financial information.

Response

Bank Rakyat stated it maintained operational continuity while attempting to contain the breach. The bank issued public statements to reassure customers and authorities that mitigation steps were underway and that additional security measures were being implemented. However, the successful exfiltration and subsequent leak of such a large volume of data suggest that the initial incident response and containment efforts were insufficient to prevent a major data loss.