Data leaks at Sberbank

• Main article: Data leaks from Russian banks
• Data breaches
• DLP - Data Loss/Leak Prevention
• DLP Solutions (Russian Market) DLP Solutions (Global Market)
• DLP Leak Prevention Solutions Catalog

2023: The cost of stolen cards on the black market increased to 100 thousand rubles apiece

The cost of stolen Sberbank cards on the black market has grown to 100 thousand rubles apiece. In this case, we are talking about the "plastic" of premium customers, according to a study by a credit institution published in early January 2023. Read more here.

2021: Sale of data 500 thousand VIP clients of Sberbank on the Internet

In mid-April 2021, an announcement appeared on the Internet about the sale of these clients of SberPremier, a special program of Sberbank to serve regular customers on privileged terms.

According to the seller, the database contains 500 thousand records, and the information was unloaded by an employee of a credit institution. RBC got acquainted with a free sample of a database of 20 customer records. According to the publication, it contains a full name, phone number, email address, account number without one digit, Sberbank division, client number in order in the database and branch number.

Customer data is confirmed when transferred through Sberbank Online. Six of them confirmed to RBC the reliability of the name and phone number, and one confirmed that he was a client of Sberbank Premier. What time the seller evaluates this base, RBC does not write.

Data 500 thousand are put up for sale on the Internet. Sberbank's VIP clients

The publication asked Sberbank for a comment and received an answer:

There was no data leak or bank secrecy.

This sample is a compilation of data that has been walking on the Internet for a long time, and this data does not contain bank secrecy, "said a representative of the credit institution.

According to him, such data is used by telephone scammers to mislead people (social engineering methods). Sberbank recalled that in no case should you report the data of your bank cards, accounts, verification SMS codes and other information to outsiders. If such information is requested by phone, it is necessary to urgently stop the conversation and call the bank back at official numbers, Sberbank advises.

The bank is constantly working to improve the mechanisms for protecting customers from fraudsters. Earlier, German Gref said that by 2023 Sberbank will create a system that will not allow "to take out a single bit of information unauthorized."^[1]

2019

The data of Sberbank customers are put up for sale. Database contains a million lines

On October 23, 2019, it became known about the leakage of these clients of Sberbank. On one of the shadow resources, the seller offers a database of borrowers for a million lines accumulated since 2015. In addition to standard information, buyers are offered a recording of the last conversation with the call center.

According to Kommersant, the announcement of the sale says that the database contains about a million lines with personal information (passport, registration, residential addresses, phones, accounts, balance or debt) of Sberbank customers with loans or credit cards.

A new portion of these Sberbank customers hit the black market

Uploading audio recordings of conversations with the call center, according to the seller, is made " from the workplace," that is , in the daytime. However, the seller admitted that he acts as a reseller and sells one line for 30 rubles. The database contains data from 10 territorial branches of Sberbank (there are 11 in total), journalists found out. Kommersant

It was noted that the information is sold in any volume, and the buyer may even name the criteria of interest to him, according to which the selection will be made. At the same time, the seller, in an interview with the newspaper, explained that this base has been formed since 2015 and is updated weekly.

The Data Base can be real, and the information looks relatively fresh, indicates the founder and CTO of DeviceLock Ashot Hovhannisyan.

Taking into account the fact that the seller announced the possibility of receiving audio recordings of conversations, the data may have leaked from an external call center that provides work with debtors, says Hovhannisyan. [2]

A source close to Sberbank clarified to RBC that we are talking about data from the old database, and unknown persons are conducting an information attack on the bank itself.

The press service of Sberbank denied information about a new leak of customer data,  reports TASS Information Agency of Russia.

We do not comment on information that belongs to the category of rumors and speculation, the press service said.

Sberbank found guilty of leaking customer data

On October 5, 2019, Sberbank published on its website a message about the completion of an internal investigation into the identification of a channel for leakage of data from customer credit card accounts, as a result of which it was possible to identify a data thief. It turned out to be an employee of the bank born in 1991, the head of the sector in one of the business divisions of Sberbank, who had access to databases due to his official duties. He tried to carry out the theft of accounts for selfish purposes, Sberbank found out.

Earlier it was reported that the offender allegedly had a base of 60 million accounts. The attacker even demonstrated a fragment of the database containing data on 200 clients of the Ural Territorial Bank of Sberbank. As a result, the Internet turned out to be such personal information of cardholders as limits on issued credit cards, the date of the upcoming payment, and so on.

Sberbank acknowledges the data breach of at least 200 of its customers. In his statement dated October 5, President and Chairman of the Management Board of Sberbank German Gref called the information on 60 million accounts "information noise," while specifying that as of October 2019, Sberbank has 18 million customers with credit cards.

According to the published information, the Bank's Security Service conducted an internal investigation when interacting with law enforcement agencies. The financial organization worked out several versions of what happened. An employee with special administrator rights could access the database. It was also not excluded that the computer could be physically disassembled, and the hard drive with the data was seized. In addition, the security service admitted that the employee could simply photograph the monitor screen, where the information he needed was indicated.^[3]

As a result, the necessary evidence was collected and documented to prove the crime committed. At the same time, the employee who committed the crime has already confessed, and representatives of law enforcement agencies carry out procedural actions with him.

In general, as of October 5, there is no threat of leakage of client data (in addition to credit card data of 200 bank customers, as reported in the bank's press release of October 3), Sberbank assured. At the same time, the credit institution stressed that in all cases there was no threat to the safety of the bank's customers' funds.

On behalf of myself and the entire Sberbank team, I would like to once again deeply apologize to 200 of our customers for what happened and to all of our customers for their experiences. We have drawn serious conclusions and are radically strengthening control over access to the work of our systems of bank employees in order to minimize the impact of the human factor. I want to thank all our clients for their faith in us and trust, as well as the employees of the Bank's Security Service, our subsidiary "Bison" and law enforcement agencies for their clear and well-coordinated work, which made it possible to solve the crime within a matter of hours, - said the Hermann Gref President, Chairman of the Management Board of Sberbank.

Sberbank customer database leaked to the Internet

On October 3, 2019, it became known that Internet flowed away database in customers Sberbank containing information about several tens of millions of owners. credit cards The announcement of the sale of the base data appeared RuNet in late September 2019 and was discovered by the founder of the company on DeviceLock issues. information protection Ashot Hovhannisyan According to experts who got acquainted with the data, it became leak the largest in. Russian banking sector

According to Kommersant, the theft of information could have occurred at the end of August 2019. The announcement was posted on one of the Russian-language forums blocked by Roskomnadzor. According to the person who published it, the database offered by him contains information about 60 million customers. As a trial batch, the attacker offers a small fragment of this base - details about 200 bank clients from different cities served by the Ural Territorial Bank of Sberbank.

The database offered for sale contains detailed personal data of credit card holders, including full names, passport data, as well as all information about the client's credit cards and transactions on them, including the credit limit and the unused limit. The seller claims that the entire database consists of 11 parts, by the number of territorial banks of Sberbank. The cost of information is 5 rubles. for each line.

Compromised personal information of millions of Sberbank cardholders. Source: Telegram channel "Banksta"

Kommersant was convinced of the authenticity of the information - the correspondents asked the seller to find their data in the database, and he provided them with the necessary information that coincided with the real data.

Sberbank said it received information about a possible major information leak on the evening of October 2, 2019. He initiated an internal investigation, the results of which will be disclosed additionally.

Specialists of the financial department put forward the main version of the incident - they suggest that the theft of information about customers was the result of a deliberate crime committed by one or more bank employees. Representatives of Sberbank argue that penetration into the database from the outside is simply impossible due to its "isolation from the external network."

The bank also assured that the information stolen by unknown persons does not threaten the safety of customers' funds, because it does not contain CVV codes. In addition, to carry out a transaction without presenting the card itself at Sberbank, confirmation is required in the form of a one-time - SMSpassword sent to the phone cardholder.

According to the head of DeviceLock Ashot Hovhannisyan, his company's specialists analyzed about 240 records from the database and came to the conclusion that they were authentic. Experts noted that the array of information put up for sale may turn out to be a partial or complete copy of the Way4 database, a processing platform used by Sberbank for almost 10 years.

An unnamed source of Kommersant, close to the Central Bank, is also sure of the authenticity of the database. He called the file proposed by the seller with 200 lines of data "unloading the database" of Sberbank. "Data can be from the data store of all systems, there is all information about clients. A database leak from any of the partners seems unlikely, judging by the set and volume of data, "the source said.

Ashot Hovhannisyan said that such a large leak will affect the entire banking industry. In his opinion, the investigation of the incident will be carried out by the Central Bank of Russia and Roskomnadzor and, possibly, law enforcement agencies. The connection of foreign regulators is also possible: for example, if the stolen database contains information about EU citizens, then Sberbank will have to notify the European Commission of the incident, in accordance with the "General Data Protection Regulation" (GDPR) - an EU decree that entered into force in May 2018.

Roskomnadzor will check information about a possible violation of the Russian law on personal data "within its competence." "Response measures will be taken after establishing signs of violations," the department said.

According to CNews, as of October 2019, the accuracy of the information in the leaked database has already been confirmed by some bank employees whose mail addresses and names were on this list. Confirmation was also received from a representative of one of the third-party organizations related to the bank's information security.^[4]

Sberbank, VTB, Unicredit Bank and Otkritie banned employees from photographing PC screens

On June 24, 2019, it became known that large banks in Russia banned their employees from photographing computer screens using personal mobile phones.

According to RBC, restrictions were introduced at Sberbank, Unicredit Bank, Otkritie Bank and VTB. Thus, Otkritie Bank prohibits employees from taking photos and videos of monitor screens, service documents, presentations and client data, as well as conducting audio recordings of service negotiations. At VTB, photographing at bank facilities is allowed only by agreement with the responsible departments. Read more here.

2018: Data of 421 thousand employees of Sberbank were in the public domain

On October 29, 2018, it became known about the data leak of 421 thousand employees of Sberbank. A text file of 47 MB, which contains the full name of employees and their logins for logging into the operating system (often the same as their email addresses), appeared on a specialized forum phreaker.pro.

The database, which was posted by an unknown user, is available for free, reports. Kommersant One of the employees of Sberbank and a representative of a third-party organization that is associated with the information security bank confirmed the authenticity of the database to the publication. Data is current as of August 1, 2018.

The address book of Sberbank employees was posted on the Internet

The database also contains data on employees of Sberbank subsidiaries , including foreign ones, as well as on some already dismissed employees. The publication compared the email addresses of some non-public managers of Sberbank with its own database to confirm the authenticity of the data. There are  also three e-mails of the bank's president, German Gref. It is noted that the database is relevant as of August 1, 2018.

Sberbank assured that the data leak does not pose any threat to customers and automated systems, and the address book is available to all employees. The reason for the leak in the press service did not comment. According to the newspaper's sources, "malicious actions of one of the current or former employees are most likely."

German Gref also knows about the problem, a Kommersant source at the bank said. According to him, the president of Sberbank has already expressed his dissatisfaction. Sources of the newspaper claim that most likely this document was published by one of the employees of Sberbank - current or former.^[5]

Leaks occur often: both companies and entire departments are affected by them, says Vladislav Tushkanov, a web analyst at Kaspersky Lab. 

For the enterprise itself, this may be fraught with reputational losses, and leaks also pose a threat directly to those whose data fall into open access, he said in a conversation with RIA Novosti.[6]

Notes