Standard Bank, Africa’s largest lender by assets, and its subsidiary Liberty are currently grappling with a massive 1.2TB data breach. The threat actor responsible, operating under the alias “ROOTBOY,” has announced plans to leak the stolen data in batches after negotiations with the bank reportedly collapsed. The breach, which began in late February 2026, went undetected for over three weeks, allowing the attacker to move laterally through internal administrative and document filing systems.
Read: Cape Town’s AI Diagnostics secures R85 million to scale AI TB screening
The exfiltrated data is extensive, allegedly comprising 154 million rows of SQL data. According to the threat actor’s posts on the dark web, the breach impacted a variety of internal platforms, including Microsoft SharePoint, OneDrive, Power Apps, Jira, Confluence, and Oracle SQL databases. The stolen information includes highly sensitive personal details:
- Client Data: Names, ID numbers, passport and driver’s license numbers, home addresses, phone numbers, and email addresses.
- Financial Details: Account numbers and a limited set of credit card numbers with expiry dates.
- Corporate Data: Company registration numbers and bulk transactional data.
Standard Bank has clarified that CVV numbers were not impacted and that its core transactional banking systems remain secure. As a precaution, the bank is proactively replacing credit cards for affected clients.
The attacker claims to have sought a “peaceful resolution,” but alleges that Standard Bank “abandoned their customers” by refusing to meet their demands. ROOTBOY is currently extorting the bank for 1 Bitcoin (approximately R1.2 million at current rates) to halt the leaks. While the bank has refused to confirm or deny whether a ransom was paid, the threat actor’s site indicates that no payment has been received.
Both Standard Bank and Liberty CEO Yuresh Maharaj have assured the public that core operating systems and investments remain unaffected and fully operational. The incidents have been reported to law enforcement and relevant regulatory authorities, with external cybersecurity experts brought in to lead the investigation.
In the wake of the leak, Standard Bank has urged its millions of customers to remain vigilant. The bank recommends that users immediately update their banking app passwords, enable biometric authentication, and exercise extreme caution regarding suspicious links or unfamiliar URLs that could be used in follow-up phishing attacks.


