Employee is primary lead in data leak impacting customers’ credit card details

Sberbank is investigating a suspected data leak

Sberbank, Russia’s largest banking and financial services organization, is investigating a suspected data leak impacting at least 200 customers. Unconfirmed reports indicate that this relatively small dataset may just be the tip of the iceberg.

In the first of two brief statements issued yesterday, the Moscow-based banking organization said: “Late on October 2, 2019 Sberbank became aware of a possible leak of credit card data affecting at least 200 Sberbank clients.”

A subsequent report from Russian broadsheet Kommersant suggests that this dataset may just be a sample of a much larger database of breached credentials being offered to potential buyers on the dark web.

According to Kommersant, the seller claims to hold data on more than 60 million Sberbank credit cards.

Reuters is reporting that Sberbank currently has “around 18 million active credit card customers”, meaning that the dataset (if validated) would include millions of inactive card numbers.

The Daily Swig has approached Sberbank for comment relating to these unconfirmed reports.

Ilya Sachkov, founder and CEO of Group-IB, a Singapore-based cybersecurity company with offices in Moscow, urged caution over the veracity of the 60 million-strong dataset claims.

“The bank only confirmed the leak of 200 cards. The rest is just speculation at this point,” Sachkov told The Daily Swig.

“It is too early to jump to any conclusion regarding the authenticity of the database until the bank’s internal investigation is over.”

According to Sachkov, Group-IB observed a “number of anomalies” in the way the database was advertised on darknet forums.

“You cannot completely rule out the possibility that [the] multimillion database could be just a fake,” he said.

“But even if it’s not a fake, the information that the database reportedly contains… is not complete enough to carry out transactions or withdraw money from [customers’] bank account[s].”

Internal investigation

In its statement relating to the incident, Sberbank said it’s likely that the source of the leak is a malicious insider.

“An internal investigation is underway,” the organization said. “Its results will be unveiled in a separate statement.”

It added: “A criminal wrongdoing of an employee is the primary lead, as no breach could have occurred from the outside – the database is isolated and has no outer network access.”

The stolen information will not affect the safety of customers’ funds, the bank said.

“Sberbank is working closely with law enforcement bodies and the Central Bank of Russia to solve the crime as soon as possible,” said Alexander Vedyakhin, first deputy chairman of the Sberbank executive board.

Sberbank is the largest bank in Russia and eastern Europe, operating 14,000 branches across the region.
