Employee who sold 5,000 credit card details online now in custody

Russian police have opened a case against an unnamed former employee of Sberbank who allegedly confessed to selling the credit card details of 5,000 customers on the dark web. The confession only came as the result of an investigation into a more recent data breach at the banking group.

As previously reported by The Daily Swig, Sberbank – Russia’s biggest bank – announced last week that it was investigating a suspected data leak impacting at least 200 customers.

As the bank conducted its investigation, speculation swirled that the 200-strong dataset may have been a sample of a much larger batch of supposedly breached credentials being offered to potential buyers on the dark web.

In an update issued over the weekend, Sberbank said it had identified an employee who had “tried to steal client data for personal gain”. The company added:

The… culprit headed a division with one of the bank’s units and had access to databases as part of his job.

The vital clues providing evidence of the committed crime have been collected and documented. Yesterday, the employee confessed and the police are now taking procedural actions.

There is no threat of further data leakage now besides the 200 credit cards that were reported as compromised in a statement by the bank on October 3, 2019.

A follow up statement from the bank yesterday said the unnamed suspect was “now in the hands of law enforcement agencies”.

Although the speculation of a much larger Sberbank customer database being offered online now appears to be either false or grossly exaggerated, the suspect allegedly has previous form in the black market sale of banking customer data.

“It was revealed that the employee who committed the crime sold in total the data of 5,000 credit card clients of Sberbank’s Urals Bank to a criminal group [on] the darknet in late September,” the bank stated.

“A significant portion of the data is outdated or inactive. The credit cards were re-issued and the clients’ funds are safe.”

Herman Gref, chairman and CEO chairman of the Sberbank executive board, added: “On behalf of the entire Sberbank team and myself let me once again apologize profusely to the 200 customers for the incident and to all our clients for any inconvenience this caused.

“We’ve learned a lot from what happened and we rethought our systems to mitigate the effects of human reliability. I’d like to thank all our customers for the great trust they place in us.

“Let me also thank our Security Service, our BI.ZONE subsidiary, and all law enforcement agencies for the outstanding work that empowered us to solve this crime within hours.”

YOU MIGHT ALSO LIKE Reductor malware bundles tricks to compromise TLS traffic