Two local banking institutions, OCBC Bank and United Overseas Bank (UOB), are reportedly linked to alleged data breach incidents, according to posts shared by the Dark Web Intelligence account on X. The claims originate from a cybercrime forum, but as of now, neither incident has been independently verified and both banks have yet to issue official statements.
The first claim involves OCBC Malaysia, where a threat actor alleges possession of a dataset containing sensitive information. Based on a sample shared in the forum post, the data may include phone numbers, email addresses, banking-related details, passport information, national ID numbers such as MyKad, business registration records, and driving licence data. The sample reportedly contains structured entries and references to OCBC Malaysia domains.
If the OCBC-related claims are proven legitimate, the potential exposure of both financial and identity data could pose significant risks. These include financial fraud, account takeovers, identity theft, and more targeted attacks such as phishing, social engineering, and SIM-swapping.
A separate claim targets UOB Malaysia, though the available information appears far more limited. The alleged dataset sample reportedly only includes basic fields such as the bank’s name, account numbers, and timestamp entries labelled “first_seen.”
Unlike OCBC’s case, there is no indication of customer identity data, transaction histories or a complete dataset structure. Given the lack of detail, the UOB-related claim may involve synthetic data, previously exposed information, or a misrepresented dataset with limited value.
As highlighted by Dark Web Intelligence, both claims remain unverified and should be treated with caution. We have reached out to both OCBC and UOB for comment regarding these allegations.
In the meantime, users are advised to monitor their bank accounts for unusual activity, enable multi-factor authentication where available, and remain cautious of unsolicited communications claiming to be from either bank. Also avoid sharing sensitive information, including one-time passwords or login credentials, especially via phone calls or email.
(Source: Dark Web Intelligence, via X [1] [2])
