Russia: Huge Data Leak Hits Sberbank

Personal information of up to 60 million credit card holders of the Russia’s biggest bank ended up for sale on the online black market, the Kommersant newspaper reported Thursday, quoting the DeviceLock cybersecurity company, which first noticed the internet add.

Sberbank has admitted the largest-ever data breach in Russian banking, which includes data of some 18 million active credit cards. The bank assured its clients the breach “will not affect the safety” of their funds.

Komersant said that the client’s funds were not targeted, but that personal and financial data were.

It cited the DeviceLock’s director Ashot Hovhannisyan as saying that the leaked documents form “the largest and most detailed banking database that has ever come to us from the black market.”

The seller, who placed the offer on some internet forums, has reportedly first offered potential buyers a trial fragment of the database – personal data of some 200 people from different parts of Russia, mostly using the services of Sberbank’s Ural Territorial Bank.

The offered database, as the Kommersant described, has been divided into 11 fragments, which matches the number of Sberbank’s territorial banks in Russia. The fragments contain tables with detailed personal, but also financial data of the bank’s clients.

The whole document reportedly consists of 60 million lines, each line being offered for 5 Russian Ruble (US$0.076) or in total 300 million rubles ($4.6 million).

Following the data breach, Sberbank announced it has launched an internal investigation and stressed that “a criminal wrongdoing of an employee is the primary lead, as no breach could have occurred from the outside –  the database is isolated and has no outer network access.”

Roskomnadzor, Russia’s Federal Service for Supervision of Communications, Information Technology and Mass Media, said, according to the, it has immediately blocked the specialized internet forum, which was offering the databases’ trial fragments.

The Service has also demanded the bank to provide “information on possible reasons that caused the leak.”

Hovhannisyan reportedly warned about the possibility that EU citizens could also be among the clients whose personal and financial data leaked from the bank. If this is the case, then the Russian authorities would have to inform the European Commission about the problem.

OCCRP | October 3rd, 2019
https://www.occrp.org/en/daily/10797-russia-huge-data-leak-hits-sberbank