CIMB has dismissed allegations circulating online that it suffered a data breach, stating that the claims are false and that customer data remains protected. In a post on X, the bank said its security teams had verified that all systems are secure.
The clarification follows earlier claims of a “high-risk cybersecurity incident” allegedly targeting Malaysia’s financial sector, with assertions that CIMB Bank customers were affected. The purported dataset was said to contain 1.2 million unique records, including personal identification details, full names, and financial information.
A local cybersecurity consultant cast doubt on the legitimacy of the alleged leak. According to them, the data presented by the threat actor appears to have been scraped from other, possibly unrelated, leaks rather than originating from a fresh breach. They also noted that the individual behind the claim has no known track record and that this is the only alleged breach associated with them to date.
The consultant further questioned the credibility of the source that amplified the allegation, which purported to be a cybersecurity company. They claimed the entity may be exaggerating the situation to create fear and promote its own services.
Incidents like these are not uncommon online, where claims of data breaches frequently surface on forums and social media platforms. While some turn out to be legitimate, many remain unverified, recycled from older leaks, or exaggerated for attention. As such, it is important for readers to stay alert to potential security risks while also approaching viral claims with a healthy dose of scepticism.
(Source: CIMB, via X)
