AYA BANK Data Breach

AYA BANK, a financial services organization based in Myanmar, was listed as a victim on the Lapsus$ extortion group’s dark web portal on June 23, 2026. This listing was identified by SOCRadar’s Dark Web Monitoring service. AYA BANK operates in the financial services sector, which is frequently targeted due to the sensitive nature of the data handled. The group has claimed five other victims in the 60 days prior to this listing, with targets across Financial Services, Technology, and Consumer Services sectors in the United States, Myanmar, and Sweden.

SOCRadar’s stealer-log telemetry revealed a severe exposure for the ayabank.com domain. The logs contained approximately eight corporate credentials for identity and mail infrastructure, including Microsoft Entra ID single sign-on, corporate Exchange webmail, and Office 365 mail relay. Additional credentials were found for a payment-related 3D-Secure authentication endpoint and several external or generic accounts on the same financial system. The credential exposure occurred in mid-to-late June 2026. While parallel to the leak-site listing, it is not confirmed if this exposure was the intrusion method used by Lapsus$. Lapsus$’s typical playbook involves social engineering, SIM-swapping, and insider recruitment rather than infostealer-driven access. The identified credential exposure is a high-priority concern for credential hygiene, necessitating password resets, MFA enforcement, and session revocation.