A threat actor going by Rabid is advertising the full database of the Chartered Institute of Bankers of Nigeria (CIBN), the country's apex professional body for the banking and finance industry. Established by an Act of the National Assembly, CIBN is responsible for certifying and regulating professional standards for bankers across Nigeria, and its membership spans executives, mid-career professionals, and students pursuing chartered qualifications in the country's financial sector. The dataset being offered totals over 250GB and is described by the actor as the institute's entire database.

According to the listing, the exposed material spans several distinct categories:

• Member Personal DataNames, email addresses, and full membership records belonging to CIBN members and applicants.
• Identity DocumentsScanned government-issued ID documents submitted during the membership verification process.
• Academic CertificatesUniversity statements of result, degree certificates, and professional membership certificates from institutions including the University of Ilorin, Tansian University, and the Institute of Chartered Accountants of Nigeria (ICAN), shown in the sample.
• Source CodePlatform source code associated with CIBN's online systems, raising the possibility of follow-on attacks against the institute's live infrastructure.
• Operational DocumentsMembership details and internal documents bundled within the 250GB archive.

The combination of scanned identity documents with matching academic credentials is particularly severe. In the Nigerian financial sector, banker certification documents are a recognised part of know-your-customer and employment verification workflows, and a leaked corpus of genuine ID-plus-certificate pairs provides attackers with ready-made templates for synthetic identity fraud, fake professional impersonation, and targeted business email compromise against the banks where these individuals are employed. The simultaneous exposure of CIBN's source code further compounds the risk, as it may reveal authentication logic, internal endpoints, or hard-coded secrets that could enable a second-stage intrusion.