- A vendor on the dark web says they stole customer information from Chongqing Bank, including people's names, ID numbers, phone numbers, addresses, and photo URLs of ID cards.
- Criminals find banking data very useful: it enables identity theft, financial crime and account takeover, which often cost banks money, and attackers use phishing scams to get people's credentials.
- The claims have not been substantiated, and Chongqing Bank has not confirmed that the data is valid or associated with the bank's systems.
A cybercriminal posting on an underground forum claims to have stolen records from Chongqing Bank, a Chinese financial institution, and is selling the information on a dark web marketplace.
According to the post on the dark web, the data includes member ID numbers, full names, mobile numbers, national ID card numbers, URLs to ID card photos, gender, home address, and bank name. The actor shared sample transactions to support his claims.
Banking datasets are incredibly valuable to cybercriminals. The combination of government-issued identification, email address, and home address provides cybercriminals a wide range of possibilities for identity theft, financial fraud, account takeover, and social engineering scams.
Why Banking Data is So Valuable to Criminals
Criminals place a premium on people’s financial data, and banking data is one of the most wanted types of information sold on the dark web. Bank accounts and financial institutions have become a target of criminals, with large amounts of banking data stolen on a daily basis. When criminals steal bank data, they gain access to client debit and credit card information, as well as other basic identity information about all the bank’s customers.
Criminals use this information to commit various forms of identity fraud because they can obtain a person's entire identity using only a national identification number, such as a Chinese ID card number.
A person's national ID number can be used across all government agencies and in all financial systems. With this number, along with the person's first and last name and address, a criminal can apply for credit cards, open bank accounts, and take out loans under someone else's name.
The presence of ID card photo URLs in the leaked data adds another layer of risk. If these URLs point to actual images of identity documents, criminals can use them to bypass verification systems. Many financial services rely on document uploads for identity confirmation. A clear image of a national ID card could help fraudsters pass these checks.
Bank names also appear in the allegedly exposed data. This detail helps attackers understand exactly which institution the victim uses. Armed with this knowledge, they can craft highly convincing phishing messages that look like official bank communications.
Cybercriminals Target Chinese Financial Institutions
In recent years, cybercriminals have frequently targeted Chinese financial institutions. The country has rapidly digitized its operations, which has also created new vulnerabilities for financial institutions to handle. In this environment, threat actors continue to exploit any security gaps they can find.
The targeting extends beyond financial institutions; a dark web seller has also claimed to have 1.2 billion records from the Shanghai Police database, highlighting the scale of data exposure across Chinese government and financial systems.
The Chongqing Bank claims follow a pattern of similar incidents involving Chinese financial data appearing on dark web markets. Cybercriminals often use forums to advertise stolen banking records and sell them to interested buyers in bulk. These marketplaces operate like legitimate e-commerce platforms, complete with user ratings and customer support.
Despite the prevalence of such listings, law enforcement agencies face significant challenges in verifying and responding to dark web data offers. The main challenge police face is in identifying threat actors who are engaging in criminal activity anonymously and through encryption. The investigation becomes even harder when sellers operate from jurisdictions with limited cybercrime enforcement.
Chinese authorities have established specialized cybersecurity teams to address cyber threats against financial institutions. The teams coordinate with banks to strengthen defenses and conduct forensic investigations when breaches occur.
Consumers Should Watch for Phishing and Fraud Attempts
If the compromised data of Chongqing Bank turns out to be genuine, customers will face increased phishing attempts. Attackers who hold stolen personally identifiable information (PII) can craft messages that appear extremely legitimate. When an email has the recipient's correct name, ID number, and bank name, it will look more credible than a generic scam email.
Theft of customer PII will also make it easier for criminals to take over accounts. With the stolen PII, a criminal can impersonate the victim when contacting the bank for help. They may request assistance in changing the password or address, or in authorizing transactions.
All residents in China should check their bank statements and credit reports for unauthorized transactions. They should also be cautious when receiving calls or emails claiming to come from their financial institution. The potential for follow-on fraud can be greatly decreased by verifying the authenticity of suspicious communications through legitimate sources.
The dark web seller did not indicate how or when they obtained the Chongqing Bank data. As a result, experts will consider these claims to be unverified until they are independently verified. Nonetheless, the detailed data in the post should be treated with utmost seriousness by both the bank and its customers.