Ransomware victim disclosure
← All victimsStandard Bank Group
Claimed by PrinzEugen · listed 2 months ago
Status timeline
- ListedMay 4, 2026
- Data leakeddate unknown
At a glance
- Group
- PrinzEugen
- Status
- Data leaked
- Country
- South Africa
- Sector
- Financial Services
- Listed on leak site
- May 4, 2026
About the victim
AI dossier — public-source company profileStandard Bank Group is one of Africa's largest banking and financial services groups, headquartered in Johannesburg, South Africa. It operates across retail, corporate, and investment banking segments, serving millions of customers in over 20 African countries and select international markets. The group also has a controlling interest in Liberty Holdings, a major South African insurance and asset management company.
- Industry
- Banking & Financial Services
- Address
- 9 Simmonds Street, Johannesburg, 2001, South Africa
- Employees
- 50000+
- Founded
- 1862
Attack summary
Severity: critical — Standard Bank is a major financial institution with millions of customers; a 1.2 TB exfiltration from internal servers of a bank and its insurance affiliate almost certainly encompasses regulated financial data, customer PII, and potentially transactional records at scale, meeting the critical threshold. Data has been published.The group PrinzEugen claims to have conducted a three-week attack beginning February 27, 2026, resulting in the exfiltration of 1.2 TB of data from internal servers belonging to both Standard Bank and its affiliate Liberty Holdings. No ransom amount was stated, and the disclosure status indicates data has been published.
Data the group says was taken
AI dossier — extracted from the leak post- Internal server data
- Standard Bank internal files
- Liberty Holdings internal files
What the group claims
Beginning on February 27th 2026, The 3 week long attack on both Standard Bank and Liberty has resulted in 1.2TB of data being exfiltrated from internal servers.
Sources
- Victim sitestandardbank.com
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

