ING Bank Data Breach Allegedly Impacts 21,000 Records, Company Attributes It to External Source
Published
Key Takeaways
- ING Bank breach: The cybercriminal entity known as BreachParty has claimed responsibility for a data breach impacting ING Bank Spain customers.
- Data compromised: The breach allegedly involves over 21,000 records containing extensive personally identifiable information (PII).
- Bank's statement: ING Bank Spain has stated that the security breach was external to its systems and that client security has not been compromised.
On November 5, 2025, the threat actor BreachParty claimed it had successfully exfiltrated 21,090 records from ING Bank Spain customers, containing personally identifiable information and sensitive financial details. This type of PII data leak poses a substantial risk of identity theft and financial fraud to the affected individuals.
Is It Safe to Access ING Bank Spain Right Now?
ING Bank Spain stated that the cybersecurity incident stemmed from an external security breach and did not directly compromise its internal systems or affect the security of its clients.
In response to the claims, the Dutch-origin global financial institution, which offers banking services in over 100 countries, issued a statement clarifying its position.Â
The yet unverified information in the hacker announcement claims the following data was leaked:
- full names,Â
- ID numbers,Â
- dates of birth,Â
- cities,Â
- phone numbers,Â
- sensitive financial details such as
- IBANs,Â
- bank codes,Â
- bank names
Despite this, ING acknowledged the data leak involving its customers and those of other entities. The bank confirmed it has deployed additional security measures to reinforce the protection of its clients following the incident.Â
Implications for Financial Sector Cybersecurity in Europe
The ING Bank Spain data breach underscores the persistent threats facing the financial industry. The incident, attributed to the BreachParty cyberattack, serves as a critical reminder of the sophisticated methods cybercriminals use to target financial institutions and their customers.Â
Even when a bank's core systems are not directly breached, vulnerabilities in third-party vendors or external systems can lead to significant data exposure.Â
This event reinforces the need for robust financial sector cybersecurity protocols and continuous monitoring across all interconnected platforms to safeguard sensitive customer information from increasingly organized threat actors.
In September 2025, ING Bank issued a security alert on scammers impersonating the bank and deepfake campaigns. In the same month, 273,000 Indian bank transfer records were exposed in a National Automated Clearing House cloud server leak.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular