Banorte Data Breach Exposes Over 10 Million Customer Records

In August 2022, the Mexican banking giant Banorte experienced a large-scale data breach, with more than 10 million customer records surfacing on a popular hacking forum. The exposed database contained detailed personal information, including customers' full names, email addresses, physical addresses, phone numbers, gender, tax identification numbers, and account balances. While Banorte later clarified that the leaked records were considered outdated data, the bank did not specify how old the compromised information actually was, leaving customers and the public to speculate about the potential impact.
This breach has drawn attention due to both the sheer volume of data leaked—over 10 million entries—and the sensitivity of the details exposed. Banorte is one of Mexico’s largest and most prominent financial institutions, which highlights the potential seriousness of the incident.

What happened in the Banorte data breach?

The Banorte data breach became public when a threat actor posted the dataset on a well-known hacking forum in August 2022. It’s estimated that exactly 10,959,636 records were exposed, containing a wide array of personal and financial information about Banorte customers. The hack did not involve real-time account compromise but rather the leak of a sizeable, static database, which could be used for identity theft or fraud attempts.

What customer data was exposed?

The leaked dataset included multiple types of personal information:

• Full names
• Email addresses
• Street addresses (with locality, city, state, and zip code)
• Phone numbers
• Last names
• Street and unit numbers
• Gender
• Account balances
• Tax identification numbers

How many users were affected?

The breach exposed information for 10,959,636 individuals, marking one of the largest breaches involving a Latin American financial institution in recent years.

When did the Banorte breach happen?

The exposed database was first posted online in early August 2022. It is unclear how long the data had been circulating privately among cybercriminals before the public leak, but August marks the month when it became widely known outside criminal circles.

Timeline of events

• August 1, 2022: The Banorte data breach is widely reported after records appear on a hacking forum.
• Shortly after, Banorte issues a statement classifying the leaked data as outdated but does not provide details on its exact age or original leak date.

Frequently Asked Questions

What happened in the Banorte data breach?

Hackers posted a massive dataset of Banorte customer records to a public forum in August 2022. The leaked information included names, contact details, addresses, tax IDs, genders, and financial data for millions of people.

How many customers were affected by the Banorte data breach?

Over 10.9 million customers were impacted by the breach, making it one of the largest incidents involving a Mexican bank.

What data was leaked from the Banorte breach?

The breach included information such as full names, physical addresses, localities, cities, states, zip codes, phone numbers, email addresses, last names, street and apartment numbers, gender, tax identification numbers, and account balances.

Who was responsible for leaking Banorte customer records?

The identity of the hacker or group behind the Banorte data breach has not been publicly revealed. The data was first posted by an anonymous user on a popular hacking forum.

How can I check if I'm in the Banorte breach?

You can check if your information was part of the Banorte breach by utilizing the DeHashed search engine.