A new security breach has affected ING Bank Spain, exposing more of Over 21,000 records of clients with highly sensitive: full names, ID number, phones, IBAN and bank codes. The actor threats BreachParty published the dataset in a forum the Dark Web November 5, 2025under the heading “ING BANK 2025 21.090 WERE LEAD IS”. According to the post, the data are for sale to private buyers, this is not a ransomware but an operation of marketing information stolen.
Vector of entry and nature of the attack
Although ING stated that “their systems have not been compromised”, it points to a breach in an external supplier or marketing company that handled customer information. This type of attack has become customary in the financial sector, where the criminals take advantage of the weak links in the supply chain to access sensitive data. It has not been detected yet an exploit or direct intrusion, but a filtration type data supply chain.
Actor of threat: BreachParty
BreachParty operates as a data broker in the Dark Web, specialized in selling databases of verified financial institutions. Unlike groups like Clop or LockBit, not number systems and demands ransoms, but sells the data to other criminals dedicated to the fraud, phishing, or identity theft. Your recent activity reinforces a trend: the rise of the brokers data as a substitute to ransomware classic.
Risks and consequences
The impact is severe: with IBAN, card and phone, attackers can run phishing banking highly personalized, SIM swapping, and impersonation to open accounts or make fraudulent transactions. In addition, ING and its suppliers could face sanctions of the AEPD under the GDPR if you demonstrate a lack of control in the management of data by third parties.
This incident reminds us that, even when the internal networks are secure, the exposure through a third party remains a critical vector. The case of ING Bank Spain reinforces the importance of a rigorous risk management of suppliers.
Leaks like have affected prior to european entities as BBVA (2023) or CaixaBank (2024) through data breach in the business of marketing or CRM external. This confirms a persistent pattern of attack the Spanish financial sector. BreachParty, for its part, has positioned itself as a emerging figure in underground forums after the fall of large groups of ransomware.
How you can help Amber Solutions?
At Amber Solutions we recommend that financial institutions perform forensic audits and reviews of providers under our services Threat Intelligence and Forensic Analysisto identify possible leaks of information. In addition, our service Pen Testing and risk management of third-party you can detect insecure configurations before they are exploited.
In summary, this case demonstrates that the security of your data ends up in your perimeter. Amber Solutions we help companies shield your digital ecosystem against ingress of external and respond effectively to incidents of dataprotecting your reputation and the trust of their customers.
