Russian bank Sberbank Rossii PAO recently confirmed a possible data breach. The leak reportedly affected up to 60 million Sberbank credit cards. Details of these credit cards have been found on the dark web.
Sberbank is the biggest bank in the whole of Russia. It currently holds 45% of retail deposits in the country, as well as 45% of consumer loans. The Moscow Times reveals the Russian government has controlling shares within the financial institution.
Researchers and analysts from DeviceLock, a cybersecurity firm, found approximately 60 million financial information on the dark web. According to The Moscow Times, analysts successfully verified the data of around 200 Sberbank customers.
Some of the sensitive information found on the internet include names and even employment details over the past three years.
Tech Radar reports the seller’s asking price went as high as eight cents per entry. Should interested buyers proceed with the transaction, the seller is slated to make a profit on the credit card information.
Based on its press release, the Russian bank only became aware of the incident on Wednesday night, October 2, 2019. In total, the bank states at least 200 individuals are affected by the breach.
Despite hackers successfully mining the aforementioned financial information, Sberbank believes that these do not pose risks for customers. In an interview with Russian newspaper Kommersant, Sberbank notes hackers failed to obtain the customers’ CVV codes. The verification code coursed through text messages also makes customers safe from fraudulent purchases and transactions.
Officials believe a bank employee may have leaked confidential information. In a statement, Sberbank said the incident stemmed from “the deliberate criminal actions of one of the employees.” It further said that “external penetration into the database is impossible due to its isolation from the external network.”
While Sberbank remains calm amidst the breach, cybersecurity company DeviceLock says otherwise. Founder Ashot Oganesyan said “this is the largest and most detailed banking database that … appeared on the black market.” The incident is one of the massive breaches to hit both the Russian banking landscape and market, says Oganesyan.
In the past months, The Moscow Times reports that customers of the bank were subjected to telephone fraud. Fraudsters and other entities pretended to be representatives of the bank and reportedly asked for personal information.
Following the incident, the bank launched an official investigation surrounding the issue. The financial institution plans to disclose updates accordingly.