Banc Certified Merchant Services (BCMS), a prominent United States-based company providing payment processing solutions and merchant services, has allegedly suffered a significant data breach. A threat actor recently claimed responsibility for the attack, posting what appears to be the company’s compromised database for download on a dark web forum. BCMS plays a crucial role for many businesses by facilitating credit card processing, point-of-sale systems, and other financial transaction services.
The threat actor published a long list of database table columns and a sample of the data to substantiate their claims. The compromised information allegedly contains a wide array of sensitive personal and user data. If the claims are accurate, this incident could expose BCMS clients and users to various risks, including identity theft, phishing attacks, and financial fraud.
The allegedly leaked data includes the following:
- User login credentials (emails and hashed passwords)
- Full names
- Nicknames and display names
- Physical addresses (street, city, state, zip code)
- Phone numbers
- IP addresses
- Session tokens and other technical user data