Standard Bank, Africa’s largest lender by assets, has notified a portion of its business clients of a data breach that resulted in the unauthorised exposure of personal information.
The breach at the big-four bank comes shortly after its subsidiary, Liberty, disclosed a separate data breach affecting its own clients in late March 2026, underscoring a sustained wave of cyber attacks targeting South African financial institutions and government entities.
According to ITWeb – Standard Bank informed affected business clients via email that certain data within the bank’s environment had been accessed without authorization. The bank acknowledged that the affected clients’ information was among the select data sets that may have been accessed.
The exposed records include account numbers, limited account information, business names, and identity or registration numbers. Standard Bank moved to reassure clients that its transactional banking systems were not accessed, remain secure and operational, and that no client funds have been affected. The bank has launched a full investigation supported by external experts and has strengthened its monitoring mechanisms to detect and prevent suspicious activity.
The breach heightens the risk of identity theft, fraud, and phishing attempts. Standard Bank has urged affected clients to remain vigilant, avoid sharing sensitive details such as PINs, passwords, CVVs or one-time passwords, and to refrain from clicking on sign-in links in emails or SMS messages. Clients have been advised to access digital banking only through official channels and to report suspicious emails to the bank’s dedicated phishing inbox.
The bank is also encouraging the reporting of suspicious emails to its dedicated phishing inbox (phishing@standardbank.co.za).
The bank identified the unauthorised access and immediately took steps to secure its environment and mitigate the impact. The bank stated that it operates within a robust regulatory framework and fully complies with all applicable obligations. A select number of affected clients are being notified directly.
The breach at Standard Bank follows a similar incident at its insurance subsidiary, Liberty, which disclosed unauthorised third-party access to select data systems on 24 March 2026. According to Legalbrief , that breach was described as potentially one of the most damaging data breach cases in South African history, with the perpetrators threatening to release emails and attachments on the dark web. Liberty CEO Yuresh Maharaj confirmed that customer policies and investments were not compromised, and all services remained operational. The Information Regulator subsequently requested an urgent meeting with Liberty’s leadership to understand the scope of the breach.
The twin breaches at Standard Bank and Liberty occur against a backdrop of escalating cyber threats in South Africa. Organisations across the country are facing sustained pressure from ransomware groups and other cyber criminals. In late March 2026, Statistics South Africa confirmed that a hacker group known as XP95 had accessed its internal human resources platform, stealing approximately 154GB of data and demanding a ransom of $100,000 (approximately R1.7 million). The same group previously claimed responsibility for breaching the Gauteng Provincial Government, allegedly accessing 3.8 terabytes of data.
Industry data indicates that South African organisations face an average of more than 2,000 cyber attacks per week. The financial services sector remains one of the most targeted industries on the continent, alongside government and consumer goods sectors.
Standard Bank has declined to comment on whether its breach is connected to the Liberty incident. The bank continues to advise clients to treat unsolicited calls with caution, to be alert to possible SIM-swap indicators such as sudden loss of network signal or missing one-time passwords, and to contact the bank through official channels if uncertain about any communication.