Trouble as hacker claims breach of Sterling Bank, alleges customer data exposure

A notorious threat actor has claimed responsibility for a data breach at Sterling Bank Plc, alleging the exposure of a large volume of customer and employee data.

Last week, the threat actor known as ByteToBreach published what it claims are more than 9 million records on DarkForum, an English-language dark web platform known for the exchange of stolen databases, hacking tools, and malware.

According to the actor, the breach involves data linked to approximately 900,000 customer accounts and more than 3,000 employee records. The actor also claimed the existence of a separate dataset connected to Cardinal Stone, an investment banking and multi-asset management firm.

The leak, according to the threat actor, is said to contain personally identifiable information (PII), raising concerns about risks such as identity theft, financial fraud, and unauthorised access to sensitive records.

READ ALSO: GTB confirms hackers’ attempt to intercept customers data

The threat actor also stated that the hacked systems were located within Sterling Bank Plc’s internal network architecture, as defined by its autonomous system number (ASN). If confirmed, this could point to a direct penetration of the bank’s internal environment rather than a third-party compromise.

The actor also claimed that access gained through the breach was used to target external systems, including Remita, a popular payment platform.

The threat actor further claimed that approximately 3 terabytes of data were accessed from cloud storage, including over 800 gigabytes linked to Know Your Customer (KYC) services. The data is said to include identity documents such as passports, photographs, bank statements, and utility bills, alongside MySQL and PostgreSQL databases, logs, and container registries.

Another document released by the actor suggests that initial access within Sterling Bank Plc may have been used to pivot into external systems, including CRC Credit Bureau, one of the largest credit reporting agencies in Nigeria and Africa.

None of the organisations mentioned, Sterling Bank Plc, CRC Credit Bureau, Cardinal Stone and Remita, have publicly confirmed the alleged breach. When contacted on April 2, 2026, Sterling Bank Plc declined to comment.