Hackers have claimed to have breached two major Colombian financial institutions, Grupo Bancolombia and Banco de Bogotá, and have published alleged customer data samples on an underground forum, according to reports.
The claims were posted on a cybercrime platform known as DarkForums, where a threat actor shared files said to be linked to the banks. The full extent of the alleged breaches has not been verified, and no official confirmation had been issued by the affected institutions at the time of reporting.
Grupo Bancolombia, a financial group serving around 30 million customers across Latin America, was listed among the affected entities. The shared materials included screenshots that appear to show an internal content management system tied to its digital services. The data samples contained limited customer information, such as names and login or logout timestamps.
Additional files linked to Bancolombia included several PDF documents with small datasets of customer and advisor records. These records reportedly contained full names, location data, and insurance plan details. Researchers reviewing the samples noted that direct contact information was not present in the shared files.
The same threat actor also claimed to have data related to Banco de Bogotá, one of Colombia’s largest banks with nearly 10 million customers. The sample dataset shared for this institution included approximately 30 records containing full names, phone numbers, and physical addresses.
Researchers noted that while the Banco de Bogotá dataset was limited in size, the inclusion of direct contact information could increase the risk of targeted fraud or phishing attempts if the data is confirmed as authentic.
The reports indicate that the primary risk may arise from combining multiple datasets. Information such as login activity, insurance details, and contact records could be cross-referenced with other breaches to build more complete profiles of individuals.
Neither bank had responded to requests for comment at the time of publication. The situation remains based on claims made by the threat actor, and further verification depends on official statements or findings from an ongoing investigation.