The situation around the leak of customer data from Sberbank continues to evolve. Let me remind you that last week, Kommersant reported that Sberbank's customer data is being sold on the black market, including information on 60 million cards (both active and closed, since the bank currently has about 18 million active cards). According to the publication, the leak could have occurred at the end of August this year and is one of the largest in the Russian banking sector.
Representatives of Sberbank acknowledged the fact of data leakage, but stated that only 200 people had the problem (this is exactly the amount the seller of the stolen database provided as a “fragment for review”).
Also over the weekend, it became known about the completion of an internal investigation conducted by the Sberbank security service and law enforcement agencies. The audit revealed an employee born in 1991, the head of a sector in one of the bank’s business divisions, who had access to databases by virtue of his job responsibilities and who attempted to steal client information for personal gain. This officer had already given confession, and it was reported that law enforcement authorities carried out procedural actions with him.
But on the evening of October 7, Sberbank reported additional factsidentified during the investigation. It became known that at the end of September 2019, the employee who committed the crime sold in one tranche of one of the criminal groups on the darknet a total of 5,000 credit card accounts of the Ural Bank of Sberbank, a significant number of which were outdated and inactive. It is reported that currently compromised cards have already been reissued, and there is no threat to customer funds.
"Businessman"Reports that a few hours before the press release appeared, another database of credit card holders was indeed discovered in the public domain, but that the founder of DeviceLock Ashot Hovhannisyan noticed. Journalists have studied this base and confirm that it is a new part of the leak, partially recognized by Sberbank. Worse, several more credit card databases are available in the public domain, but of a smaller volume (for 500 and 300 customers with a similar data structure). One of the databases has 1999 rows, of which 1709 are active cards, another 290 are private.
In its turn, "Vedomosti"Quoted Alexey Parfentyev, head of the Searchinform analytics department:" This is absolutely normal practice – when selling databases for demonstration, throw off a small piece of the upload for access. The problem is that Sberbank very suddenly decided to draw conclusions on a piece of data on 200 customers, which was published, albeit on the shadow Internet. ” But taking into account that now the data of several thousand cards are in open access, the expert believes that the bank either simply does not know how much data has actually flowed, or the results of the investigation are deliberately kept silent.