Standard Bank Data Breach: Credit Card Leaks and Protection Tips

Standard Bank, Africa’s largest bank by assets, has notified its business clients of a data breach involving unauthorized access to personal information within the Standard Bank of South Africa’s environment. The breach has exposed select client records, including account numbers, business names, ID or registration numbers, and limited account information.

Further reports on April 13, 2026, indicate that the leak may also include credit card details for some clients. The bank stated that it identified the unauthorized access and took immediate steps to enhance its environment to mitigate the impact of the incident.

Scope of Data Exposure and Security Status

Standard Bank informed affected business clients via email that their information was among the select data sets that may have been accessed. The bank clarified that its transactional banking systems were not accessed and remain operational and secure. The institution stated that no clients’ funds were affected and accounts remain secure.

Despite the security of funds, the exposure of personal and business identification data increases the risk of phishing attempts, fraud, and identity theft for the impacted clients.

We are writing to inform you of a recent incident that involved unauthorised access to certain data within the Standard Bank of South Africa’s environment. We believe in maintaining transparency with our clients, and as such, we are notifying you directly. Regrettably, your information was among the select data sets that may have been accessed.

Standard Bank email to clients

Regulatory Response and Investigations

The Information Regulator is set to probe Standard Bank regarding the breach. Reports indicate that the full extent of the data breach remains unclear to the regulator.

Standard Bank has launched a full investigation into the incident, supported by external experts. The bank also stated that it has strengthened its monitoring mechanisms to detect and prevent suspicious activity, asserting that it continues to comply with all legal and supervisory obligations within its regulatory framework.

Context of Subsidiary Breaches

This incident follows a separate data breach suffered late in March 2026 by Liberty, a subsidiary of Standard Bank, which also affected clients. When queried by ITWeb on April 7, 2026, Standard Bank declined to comment on whether the breach of the main bank’s environment is related to the breach at Liberty.

The sequence of events suggests a period of heightened vulnerability for the group’s data environments, with the March incident at Liberty preceding the notification sent to business clients regarding the Standard Bank of South Africa environment.

Client Impact and Risks

The types of data leaked present specific risks to business operations and individual identity security. The leaked data sets include:

• Account numbers and limited account information
• Business names
• ID or registration numbers
• Credit card details for some clients

The bank has emphasized that the safety and protection of client information remain its top priority as the investigation continues.