South African banking giant Standard Bank has issued a fresh warning to customers after its ongoing investigation into a March 2026 data breach revealed that some credit card information may have been compromised.
The latest update comes weeks after the bank first disclosed an incident involving unauthorised access to selected internal data systems on 23 March 2026.
According to the bank, a limited number of affected customers may have had their credit card numbers and expiry dates exposed, although CVV security codes were not accessed.
This means the risk of direct card-not-present fraud remains lower, but the threat of phishing and identity theft has increased significantly.
Fraud and impersonation risks rise
Cybersecurity experts warn that leaked personal and card data can be used by fraudsters to impersonate customers through phishing calls, fake emails and social engineering scams.
Even without CVV details, criminals may attempt to use partial card information alongside stolen identity data to manipulate victims into disclosing one-time passwords and banking credentials.
Standard Bank said its transactional and core banking systems were not accessed, and that no client funds are currently known to be affected.
The breach was limited to internal administrative and document filing systems.
However, the bank acknowledged that in some cases contact details, ID information, account-related documents and card details may have been exposed.
The South African Information Regulator has since requested further transparency from the lender and is reviewing the full extent of the breach.
Customers urged to tighten security immediately
Standard Bank has advised customers to immediately change their digital banking passwords and enable biometric authentication through the mobile banking app.
Customers are also being warned not to share PINs, passwords or OTPs with anyone, even if the request appears to come from the bank.
The lender said it is proactively replacing cards for directly affected customers as a precautionary measure.
The incident has raised renewed concerns around financial-sector cybersecurity in South Africa, particularly as digital banking usage continues to expand rapidly.
Source: Standard Bank / The Citizen / Information Regulator
