Hackers Claim Breaches of Bancolombia and Banco de Bogotá, Leak Customer Data Samples

Related

KDDI Confirms Zero-Day Exploit Behind Breach Affecting 12 Million People

What happened KDDI has updated its earlier breach disclosure, confirming...

Aflac Japan Data Breach Impacts 4.38 Million Customers and Agents

What happened Aflac Life Insurance Japan disclosed a data breach...

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day Attacks

What happened Nissan disclosed a data breach affecting current and...

KDDI Breach Exposes Up to 14.2 Million Email Logins at Six ISPs

What happened Japanese telecommunications operator KDDI disclosed a data breach...

Xsolis Data Breach Affects 1.4 Million Individuals

What happened Healthcare technology company Xsolis disclosed a data breach...

Share

What happened

Threat actors claim they breached Grupo Bancolombia and Banco de Bogotá and posted customer data samples on an underground forum. The posts appeared on April 8, 2026 and included files the attackers said were taken from the two Colombian financial institutions. In the Grupo Bancolombia case, the shared material included screenshots that appear to show an internal content management system tied to digital services, along with PDF files containing small datasets of customer and advisor records. Those records included full names, location data, insurance plan details, and login or logout timestamps. In the Banco de Bogotá claim, the sample files contained about 30 records with full names, phone numbers, and physical addresses. The full extent of the alleged breaches has not been verified, and no public confirmation from either bank was included in the report. 

Who is affected

The potential exposure affects customers of Grupo Bancolombia and Banco de Bogotá whose information may be included in the claimed leaked datasets. The sample tied to Grupo Bancolombia appears to contain limited customer and advisor records, while the Banco de Bogotá sample includes more direct contact details such as phone numbers and physical addresses. 

Why CISOs should care

This matters because even limited leaked samples can create meaningful risk when attackers combine them with other stolen data. Names, addresses, phone numbers, insurance information, and login activity can support more convincing phishing, impersonation, and social engineering campaigns, especially in the financial sector. It also shows how unverified breach claims can still create immediate customer risk if exposed data is specific enough to be weaponized. 

3 practical actions

  1. Treat sample leaks as an immediate scoping event: Validate quickly whether leaked screenshots, PDFs, or record samples match internal systems or customer data before broader claims spread further. 
  2. Prepare for targeted customer impersonation: Warn customers and frontline teams that attackers may use exposed names, addresses, banking context, or insurance details to make phishing attempts appear legitimate. 
  3. Separate verified facts from attacker claims: Keep incident communications tightly focused on what has been confirmed, since the broader breach claims remain unverified at this stage. 

For more news about incidents involving exposure of personal information, click Data Breach to read more.

IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.