Hacker claims mass bank breach; releases Visa, Mastercard data

More than 79 banks have been breached, claimed a hacker on Twitter. Following a data release on Tuesday, he said he has more than 50 gigabytes of U.S. and foreign bank data in his hands.
Written by Zack Whittaker, Contributor

Update: see below.

A hacker, who claimed on Twitter to have illegally accessed the networks of dozens of large banks, has released a vast cache of personal information relating to Visa and Mastercard credit card data.


More than 1,700 separate account details were included in the cache.

From the data included in the data dump: customer names, the debit or credit card type --- Visa or Mastercard --- along with postal addresses, phone numbers, and email addresses are all included.

"Grey-hat" hacker Reckz0r --- who oddly enough also goes by the name "Jeremy" --- said on Twitter that he had targeted 79 banks for around three months.

The data breach does not appear limited to the United States. Foreign banks and account details are noted, including from the United Kingdom and Canada.

The data released on Tuesday was compressed in a plain-text document and uploaded to the Web.

The hacker said he took more than 50 gigabytes of data, and that this release is only a fraction of the total amount.

Credit card details do not appear in this release, though a Pastebin post explains that he is "censoring the credit card information" --- including the "credit card number, secret code [and] expiry date."

The targeted banks have not all been named, with the exception of Chase, which was singled out in a separate tweet. The hacker indicated other high profile banks were included.

He also noted on Twitter that Visa and Mastercard were "not hacked," despite a contrary claim in the PasteBin post that says he did.

It is not yet clear whether this relates to a breach earlier this year, following both Visa and Mastercard warning banks that a credit card processor had suffered an intrusion.

Global Payments came forward as the processor at the center of the breach. No more than 1.5 million accounts were affected, the company said last week.

But it is not yet clear whether this relates to the Global Payments breach earlier this year or not.

In a text document file included with the downloadable file, he said: "I don't give a s**t if you're included, it's all about security, folks."

Sister site CNET understands the hacker 'retired' to become a white-hat hacker and would "use my intelligence for good." He said he had left the infamous hacking group UGNazi, along with hacking collective Anonymous in a separate Pastebin post.

Questions have been left with Visa and Mastercard in regards to this story. No spokespeople were available from either company at the time of writing.

Update: More details, including tweets and commentary, suggest the data cache may have been available online for more than a week ago on a hackers website.

A source close to the payments industry told ZDNet that companies such as Visa and Mastercard "do not hold on to personally identifiable information" of its customers, such as the data included in this cache.

Other sources involved in the security industry --- including one claiming to speak for Anonymous --- believe this apparent data dump to be "old data." On the other hand, questions remain over where the data first came from --- even if it was first dumped on the Web a week or more ago.

Image credit: Twitter.


Editorial standards