[BreachExchange] Russia's Sberbank hit with huge data leak

Destry Winant destry at riskbasedsecurity.com
Fri Oct 4 01:26:35 EDT 2019


https://www.techradar.com/news/russias-sberbank-hit-with-huge-data-leak

The state-owned Russian banking and financial services company
Sberbank is currently investigating a potential data leak which the
newspaper Kommersant has reported may be the largest ever in Russian
banking history.

In a statement, the firm said that the leak could have affected at
least 200 of its customers. However, according to Kommersant, 200
entries were just a sample to lure in potential buyers by an
unidentified online seller who claims to have data on 60m credit cards
including accounts and cards which have already been closed.

The newspaper even verified the database's authenticity by asking the
unknown seller to provide information on its own reporters that turned
out to be both correct and up-to-date.

Russia's largest search engine hacked by Western intelligence agencies
An inside look at Russia’s cybersecurity market: a Q&A with BI.ZONE
Data leak reveals how Russia uses telecoms for surveillance

The seller is seeking eight cents per entry according to Kommersant
and they could end up making quite a lot by selling stolen information
on Sberbank's 18m active credit card customers.

Insider threat

Sberbank and Kommersant both believe that the data leak was most
likely the work on an insider with criminal intent and Sberbank
provided more details on its investigation into the matter in a press
release, saying:

“An internal investigation is underway. Its results will be unveiled
in a separate statement. A criminal wrongdoing of an employee is the
primary lead, as no breach could have occurred from the outside –  the
database is isolated and has no outer network access.”

Kommersant was first tipped off regarding the Sberbank data breach by
the cybersecurity company DeviceLock who said that data sets on some
of Russia's largest banks are available on the dark web but none of
these are as large as comprehensive as the recently leaked Sberbank
data set.

While this might not be a traditional data breach, it highlights the
potential risk that insider threats pose to all businesses and the
damage they can cause.


More information about the BreachExchange mailing list