AYA Bank Confirms Cyberattack as LAPSUS$ Claims Massive Data Breach
Myanmar’s AYA Bank, one of the country’s largest private financial institutions, has acknowledged a cyberattack on its digital infrastructure after the extortion group LAPSUS$ claimed to have stolen over 120GB of sensitive data. The breach was first announced by the hackers on June 23, with a threat to publish the compromised information on the dark web by July 8 unless a ransom is paid.
In a June 25 statement posted on its official Facebook page, AYA Bank confirmed that an older application portal had been breached, exposing some customer data. However, the bank emphasized that the incident did not affect its Core Banking System, AYA Pay, or card services, assuring customers that internet and mobile banking operations remain unaffected. The bank also stated it had strengthened its cybersecurity measures in response.
While AYA Bank did not disclose the exact volume of data compromised or the ransom demand, independent cybersecurity tracking platforms including Ransomware.live and RedPacket Security verified LAPSUS$’s claims on dark web leak sites. The group alleges the stolen dataset includes personally identifiable customer information, though the authenticity and origin of the data have not been independently confirmed.
LAPSUS$ has a history of high-profile cyber-extortion, previously targeting major tech companies such as Microsoft, Nvidia, Samsung, and Uber. As of now, AYA Bank has not publicly addressed whether it will engage with the hackers’ demands.
AYA Bank cybersecurity rating report: https://www.rankiteo.com/company/ayabank
"id": "AYA1782455334",
"linkid": "ayabank",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Banking',
'location': 'Myanmar',
'name': 'AYA Bank',
'size': 'Large',
'type': 'Financial Institution'}],
'attack_vector': 'Exploitation of older application portal',
'customer_advisories': 'Internet and mobile banking operations remain '
'unaffected',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally identifiable customer '
'information'},
'date_detected': '2024-06-23',
'date_publicly_disclosed': '2024-06-25',
'description': 'Myanmar’s AYA Bank confirmed a cyberattack on its digital '
'infrastructure after the extortion group LAPSUS$ claimed to '
'have stolen over 120GB of sensitive data. The breach was '
'announced by the hackers on June 23, with a threat to publish '
'the compromised information on the dark web by July 8 unless '
'a ransom is paid. AYA Bank stated that an older application '
'portal was breached, exposing some customer data, but assured '
'that its Core Banking System, AYA Pay, or card services were '
'not affected.',
'impact': {'data_compromised': '120GB of sensitive data',
'identity_theft_risk': 'High',
'operational_impact': 'Internet and mobile banking operations '
'remain unaffected',
'systems_affected': 'Older application portal'},
'initial_access_broker': {'entry_point': 'Older application portal'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion, Financial Gain',
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'date_accessed': '2024-06-25',
'source': 'AYA Bank Facebook Statement'},
{'source': 'Ransomware.live'},
{'source': 'RedPacket Security'}],
'response': {'communication_strategy': 'Public statement on Facebook',
'containment_measures': 'Strengthened cybersecurity measures'},
'threat_actor': 'LAPSUS$',
'title': 'AYA Bank Cyberattack and Data Breach by LAPSUS$',
'type': 'Data Breach, Extortion'}