Credit Suisse, a prominent global investment bank and financial services firm headquartered in Switzerland, has fallen victim to a data breach.
This breach has reportedly resulted in the unauthorized listing of their highly sensitive data for sale on a notorious dark web marketplace.
It is reported that a significant amount of sensitive information has been compromised for both employees and customers.
This includes customer names, email addresses, employee codes, dates of birth, gender, policy names, relationships, dates of joining, effective dates, statuses, and entities.
This story was first reported by Dark Web Informer, a Twitter user who monitors dark web activities and reports on cybersecurity incidents.
The threat actor, going by the username 888, posted the company's data up for sale and has included samples of the data as proof.
Previewed data consist of 19,000 user records and 6,623 company employee emails.
There are concerns about the potential misuse of the sensitive information found in the samples, which includes customer names, dates of birth, and relationships.
Considering 888's standing among the dark web community, it is highly probable that the breach is authentic.
The threat actor is only accepting cryptocurrency for their sale. More specifically, they are only open to Monero (XMR), a digital currency renowned for its privacy and anonymity attributes. This payment method is frequently utilized in illegal transactions to evade detection.
Credit Suisse, with reported revenue exceeding $15.21 billion, has not yet provided a public response to the data breach. In a recent development, Credit Suisse faces further challenges with a breach that has come to light.
This incident comes on the heels of a previous report by Bloomberg, which revealed a data leak impacting numerous former Credit Suisse clients who collectively held a staggering $100 billion in accounts.
Subscribe to our newsletter
As of time of writing, Credit Suisse has not provided any comment on the matter, leaving many questions unanswered regarding the extent of the breach and the measures being taken to protect those affected.