Dark Web News Analysis
Dark web monitoring has surfaced a significant data breach involving Serlefin, a prominent financial services and collections BPO (Business Process Outsourcing) firm operating in Colombia. A threat actor on a hacker forum has released a database containing approximately 50,000 records allegedly belonging to users of Daviplata (a major digital wallet operated by Davivienda). The leaked dataset is particularly sensitive because it includes not only static PII (names, identification numbers) but also real-time financial data such as account balances. Furthermore, the leak contains detailed logs of interactions and support tickets between Serlefin agents and clients, exposing the financial institution’s internal operational scripts and communication history.
Key Cybersecurity Insights
This breach highlights the critical “Supply Chain” risk in which third-party vendors (such as collections agencies) become the weak link for major banks:
- Context-Aware Phishing: The most dangerous aspect of this leak is the exposure of support ticket logs. Attackers can read the history of a user’s complaints or payment promises. They can then call the victim, referencing a specific previous conversation (“Regarding your ticket #123 about the failed transfer last week…”) to establish immediate trust before asking for an OTP or password.
- Targeting by “Balance”: Unlike generic leaks, this dataset includes account balances. This allows criminals to filter the database and focus their energy exclusively on “high-value” targets with significant funds in their Daviplata wallets, ignoring empty accounts.
- Third-Party Vulnerability: Serlefin acts as a processor for Davivienda. This incident demonstrates that even if the bank’s core systems are secure, data shared with external partners for collections or customer service is vulnerable if those partners lack equivalent security controls.
- Regulatory Impact (Law 1581): This breach is a severe violation of Colombia’s Law 1581 of 2012 (Habeas Data). The exposure of financial histories and national IDs will likely trigger an investigation by the SIC (Superintendency of Industry and Commerce).
Mitigation Strategies
To contain the damage and protect financial consumers, the following strategies are recommended:
- Proactive Customer Alert: Daviplata/Serlefin must notify the 50,000 affected users immediately. The notification should explicitly warn against phone calls referencing past support tickets, as this is the most likely primary attack vector.
- Vendor Security Audit: Davivienda (and other banks using Serlefin) should trigger an immediate “Right to Audit” clause, reviewing the security posture, access controls, and data retention policies of the vendor.
- Bot Detection: Implement stricter behavioral analysis on the Daviplata login API to detect whether attackers are using the leaked identification numbers for brute-force attacks or credential stuffing.
- Data Minimization: Review why a collections vendor held “account balances” in a retrievable format. Vendors should only have access to the minimum data necessary (e.g., “debt amount” rather than “total wallet balance”).
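The “Bot Detection” recommendation above can be made concrete with a sliding-window rule over login API events. The following is an added example written for this page, not code from Brinztech, Daviplata or Serlefin; the log format (timestamp, source IP, identification number, outcome), the field names, the five-minute window and the thresholds are all assumptions chosen for illustration. It flags a source IP that fails against many distinct identification numbers in a short window (the signature of credential stuffing with a leaked ID list) and, separately, an identification number that accumulates many failures (brute force against one account).

```python
"""Added example: sliding-window detection of credential stuffing and
brute-force patterns in login API logs. Log format, field names and
thresholds are assumptions for illustration, not any real system's."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format):
#   <ISO timestamp> <source_ip> <identification_number> <outcome>
SAMPLE_LOG = """\
2025-01-10T09:00:00 203.0.113.5 1001 FAIL
2025-01-10T09:00:02 203.0.113.5 1002 FAIL
2025-01-10T09:00:04 203.0.113.5 1003 FAIL
2025-01-10T09:00:06 203.0.113.5 1004 FAIL
2025-01-10T09:00:08 203.0.113.5 1005 FAIL
2025-01-10T09:00:10 203.0.113.5 1006 SUCCESS
2025-01-10T09:01:00 198.51.100.7 2001 FAIL
2025-01-10T09:01:05 198.51.100.7 2001 FAIL
2025-01-10T09:01:10 198.51.100.7 2001 FAIL
2025-01-10T09:01:15 198.51.100.7 2001 FAIL
2025-01-10T09:01:20 198.51.100.7 2001 FAIL
2025-01-10T09:05:00 192.0.2.9 3001 FAIL
2025-01-10T09:05:30 192.0.2.9 3001 SUCCESS
"""

WINDOW = timedelta(minutes=5)   # assumed analysis window
STUFFING_DISTINCT_IDS = 5       # distinct IDs failed from one IP within WINDOW
BRUTE_FORCE_FAILURES = 5        # failures against one ID within WINDOW


def parse_line(line):
    """Split one log line into (timestamp, ip, identification_number, outcome)."""
    ts, ip, nid, outcome = line.split()
    return datetime.fromisoformat(ts), ip, nid, outcome


def detect(log_text):
    """Return alerts as (rule, key, window_start_iso), at most one per key.

    Only FAIL events feed the windows; a later SUCCESS from a flagged IP
    would be the follow-up to investigate, but it is not the trigger here.
    """
    by_ip = defaultdict(deque)   # ip  -> deque of (ts, nid) for FAIL events
    by_id = defaultdict(deque)   # nid -> deque of ts for FAIL events
    alerts, alerted = [], set()

    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, ip, nid, outcome = parse_line(raw)
        if outcome != "FAIL":
            continue

        # Rule 1: many distinct identification numbers from one source IP.
        q = by_ip[ip]
        q.append((ts, nid))
        while q and ts - q[0][0] > WINDOW:   # evict events outside the window
            q.popleft()
        distinct_ids = {n for _, n in q}
        if len(distinct_ids) >= STUFFING_DISTINCT_IDS and ("stuffing", ip) not in alerted:
            alerted.add(("stuffing", ip))
            alerts.append(("credential_stuffing", ip, q[0][0].isoformat()))

        # Rule 2: many failures against one identification number.
        q2 = by_id[nid]
        q2.append(ts)
        while q2 and ts - q2[0] > WINDOW:
            q2.popleft()
        if len(q2) >= BRUTE_FORCE_FAILURES and ("brute", nid) not in alerted:
            alerted.add(("brute", nid))
            alerts.append(("brute_force", nid, q2[0].isoformat()))

    return alerts


if __name__ == "__main__":
    for rule, key, window_start in detect(SAMPLE_LOG):
        print(f"{rule}: {key} (window starting {window_start})")
```

The two rules are deliberately separate because the leak changes which one matters: with a list of valid identification numbers in hand, an attacker needs few attempts per account but touches many accounts, so the per-IP distinct-ID count is the signal to tune first. Thresholds and window size should be calibrated against the API’s normal traffic before alerting on them.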
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com