2024/02/15 12:19:31

Data leaks from Russian banks


The main articles are:

Data leaks at Sberbank

Main article: Data leaks in Sberbank

2023

The volume of data leaked from financial institutions in Russia tripled to 170.3 million records

In 2023, 170.3 million customer personal data records leaked from financial institutions in Russia, which is 3.2 times higher than the previous year. And in comparison with 2021, the volume of information leaks increased 57 times. This is evidenced by InfoWatch data released in mid-February 2024.

As RBC writes with reference to InfoWatch materials, a total of 64 cases of loss of customer personal data occurred at financial institutions in 2023, which is 12.3% more than a year earlier. The 2023 figures are almost twice those of 2021, the newspaper notes. The publication also says that 46.9% of leaks are from banks. The problem is also recorded in microfinance organizations, payment services, crypto exchanges, traditional exchanges, etc.


According to the authors of the study, a significant increase in the number of bank data leaks in Russia is associated with the activation of organized groups of hackers, primarily politically motivated hacktivists, against the background of a special military operation of the Russian Federation in Ukraine. Their main tasks were undermining resilience, psychological pressure on financial institutions and intimidating customers, according to InfoWatch.

InfoWatch analysts cite the rapid pace of digitalization of the financial sector among the other reasons for the significant increase in the number of leaks in the industry, as well as the discovery of new vulnerabilities, which leads to more company hacks and a growing volume of compromised information. At the same time, against this background, most companies are in no hurry to disclose information about incidents. According to an InfoWatch survey, 42% of representatives of the financial industry believe that only 4% to 10% of companies acknowledge data leaks.[1]

The data of Alfa-Bank customers got into the public domain

Hackers posted the data of Alfa-Bank customers in the public domain. This was announced on October 20, 2023 by the Telegram channel "Information Leaks." According to the channel, the leaked file contains 1 million lines. Read more here.

Roskomnadzor confirmed data leakage of 1 million MTS Bank customers

Roskomnadzor, following its own investigation, confirmed a large-scale leak of data of MTS Bank customers. The supervisory authority reported this in mid-October 2023. Read more here.

Hackers allegedly "leaked" the data of MTS Bank customers. The bank itself denies a cyber attack

Hackers from the NLB group announced that they had managed to breach the protection of MTS Bank's digital infrastructure and extract a large amount of personal data of its customers. The bank itself denies this.

As indicated in the publication of the News.ru edition of September 7, 2023, the hackers posted three files at once, allegedly with the data of clients of the credit institution. Read more here.

Data of 47 million SberThank You users ended up online

On March 9, 2023, it became known about the leakage of data from tens of millions of users of the SberThank loyalty program from Sberbank. This was announced by the profile Telegram channel "Information Leaks." Read more here.

2022

The number of data leaks in the Russian financial sector increased by 71%

The number of data leaks in the Russian financial sector in 2022 increased by 71% compared to 2021. This is evidenced by InfoWatch data released on February 21, 2023.

According to the study, 70% of data leaks from companies are due to the actions of their employees. In total, about 44.8 million records of personal data and payment information leaked from the Russian financial sector in 2022 (an increase of 32 times compared to 2021), and more than 627 million records leaked worldwide.


About half of the leaks in the Russian financial sector in 2022 occurred at banks (47.8%), followed by credit and microcredit organizations, which accounted for 16.6% of incidents of this type. At the same time, the most noticeable change in the distribution of leaks is a sharp decrease in the share of insurance companies from 10.7% to 2.1%, which may be the result of strengthening information security services in these organizations.

InfoWatch specialists analyzed the situation in terms of the nature of current threats. Thus, the share of data leaks as a result of the actions of external attackers (primarily hackers) in Russia increased from 21.4% to 75%, and in the world this figure reached a peak of 95%.

The researchers also noted a significant increase in the share of leaks of information containing trade secrets of Russian companies. The share of this type of information among leaks from Russian financial organizations amounted to 13.1%. Payment information was leaked in 4.3% of cases, and all other incidents were theft and accidental compromise of personal data.

According to analysts, one of the key factors that influenced the cybersecurity of the financial sector was the beginning of a special military operation of the Russian Federation in Ukraine, after which the level of threats both in Russia and around the world sharply increased.

Damage from data leaks from banks in Russia decreased by 10 times

The damage from data leaks from banks in Russia decreased 10 times over the year. This was announced in early December 2022 by RTK-Solar, a company that develops information security solutions.

According to the study, the maximum damage from information leaks in the financial sector by the end of 2022 amounted to 1 million rubles, while a year earlier the figure reached 10 million rubles.


Representatives of more than 350 Russian companies from the financial sector took part in the survey. Half of the respondents reported that they saved from 10 million to 100 million rubles of their budget thanks to the introduction of a DLP system (Data Leak Prevention, aimed at preventing information leaks). In 2021, only 36% of companies estimated potential cost savings from prevented leaks at more than 10 million rubles.

RTK-Solar attributes the reduction in the maximum amount of damage and the simultaneous increase in savings from DLP systems to the fact that more and more organizations are using reliable means of protection against leaks, said Elena Chernikova, senior business analyst at the company. By December 2022, 75% of representatives of the financial sector operated such protection systems, compared with 70% a year earlier, Vedomosti writes.

At the same time, the ratio of intentional and accidental leaks in financial sector organizations has changed dramatically. While in 2021 20% of respondents assumed the presence of deliberate rather than accidental leaks in their organizations, in 2022 67% of respondents reported intentional data leaks. This correlates exactly with the above trend of high penetration of DLP systems in the financial sector, which automatically suppress accidental leaks and, when properly configured, cope with a significant part of intentional ones.[2]

Top manager of MTS-Bank convicted of selling data of 5.6 thousand customers

On July 28, 2022, it became known that the Verkh-Isetsky District Court of Yekaterinburg sentenced three men in a criminal case on the disclosure of personal information about bank customers. This was reported by the Prosecutor's Office of the Sverdlovsk Region.

The court sentenced Andrey Vamich, the head of the Moscow additional office of MTS-Bank, to three years and six months in a strict regime colony and a fine of over 5 million rubles for selling information about bank customers to fraudsters. Read more here.

2021

The number of bank customer databases for sale on the Russian darknet has halved

In 2021, the darknet registered 20 ads for the sale of new databases of bank customers in Russia, which is almost half as much as a year earlier. This is evidenced by data from the DLBI darknet intelligence and monitoring service.

Kaspersky Lab confirmed this trend to RBC: according to the antivirus company, the number of advertisements for the sale of data in 2021 decreased by about 30% and returned to the level of 2018.


The 20 new ads refer to databases that contain previously unreported information. In general, there are many more ads on the darknet, but they offer old databases or compilations from several databases, RBC writes with reference to the founder of DLBI Ashot Hovhannisyan.

Three of the 20 databases contained more than 100 thousand customer records: information about 150 thousand people who wanted to take out loans at Sovcombank and about 100 thousand at the bank ДОМ.РФ, as well as an offer to sell data on half a million Sberbank Premier clients (a special Sberbank program to serve regular customers on privileged terms). This data is usually used by attackers who call people from leaked databases on behalf of "bank security" or "law enforcement agencies" to steal money from a bank account.

The remaining leaks amounted to one to two thousand records and were mainly related to the activities of regional office workers. They copied data before changing jobs or for sale to spammers, DLBI explained.

Massive thefts of bank customer data, according to analysts, are declining. Financial organizations began to use technologies to prevent leaks of confidential information, which intercept attempts to export client data in bulk.[3]

The price of "breaking" the banking data of Russians increased 7 times in 5 years

The price of "breaking" (the criminal provision of information in violation of banking secrecy and secrecy of correspondence) the data of Russians has increased 7 times over 5 years. This was announced at the end of November 2021 by the data leakage intelligence service Data Leakage & Breach Intelligence (DLBI). Read more here.

Data leakage of 150 thousand customers of Sovcombank

In September 2021, it became known about the data leak of 150 thousand clients of Sovcombank. The database appeared on a specialized shadow site. Read more here.

100 thousand records of loan applications at Дом.РФ Bank are sold on the darknet for 100 thousand rubles.

About 100 thousand records of people who applied for lending at Дом.РФ Bank have been leaked to the darknet, RBC reported on April 5, 2021[4]. The bank itself confirmed the fact of the leak and admitted that its cause was a vulnerability in the remote filing of initial applications for a cash loan. Read more here.

2020

The most "expensive" leak in banks cost 100 million rubles

The largest damage to a financial institution from data leakage in 2020 exceeded 100 million rubles. This was announced on July 14, 2021 by Rostelecom as part of its study.

According to the telecom operator, a loss of more than 100 million rubles was recorded in two regional Russian banks that do not use leak protection systems. Which credit institutions are in question is not specified.

Most often, leaks occur via the Internet (external cloud storage, Internet mail, etc.), instant messengers, corporate email, removable storage media (USB, etc.), printer printing and specialized internal systems of the organization.


About 20% of the surveyed financial organizations admitted that large-scale leaks resulted in large fines from regulators. Less than 10% of respondents noted cases when a leak in the bank did not affect either the bank itself or the responsible employees. More than 70% of the survey participants said that leaks of sensitive information are grounds for disciplinary action against the responsible employees, up to and including dismissal.

At the same time, 36% of companies from the financial sector that have implemented leak protection systems estimated potential cost savings as a result of prevented incidents at more than 10 million rubles for 2020.

Leaks in banks in 2020 were more often caused by negligence than malice. Only 20% of respondents declared intentional leaks in their pure form. 30% of respondents are convinced that leaks are accidental. Examples of such "accidents" can be rash sending data to third parties or publishing service information in such open sources as social networks or instant messengers. Half of respondents claim that accidental and intentional leaks occur in their organizations in equal volume.

Banks recognized data leakage as one of the most significant risks from information security incidents

Qrator Labs on May 6, 2021 shared with TAdviser the results of a 2020 banking security study conducted in the 3rd-4th quarters of 2020.

The purpose of the study was to examine the scale of cyber threats and, in particular, the threat of DDoS attacks in the Russian financial sector, as well as to assess the dynamics of organizations' information security budgets. Within the framework of the study, the following tasks were solved, in particular:

  • studying the dynamics of threats faced by Russian banks;
  • assessment of adequacy of information security budgets and their dynamics in banks;
  • determining the penetration rate of DDoS protection in the financial sector.

When planning activities in the field of information security in the current crisis situation, more than a third of respondents plan for a six-month period. More than half stick to annual planning.

Despite the fact that the economic situation is changing very quickly, all financial organizations in one way or another plan activities for at least six months, and, as a rule, for a year in advance. In rare cases, budgeting goes for a longer period. If the situation changes categorically, organizations with too long-term planning may face new budgeting problems, - comments Sergei Pasechnik, Sales Director of Qrator Labs.

More than half of the respondents believe that the previously agreed budget for information protection to overcome the crisis situation in 2020 was sufficient.


40% of respondents recorded an increase in the level of threats to financial institutions in Q3-Q4 2020. According to almost half of the respondents, risks have been growing for two years in a row. At the same time, 58% note that, compared with the 2019 period, the level of threats in the industry has not changed significantly.


Threats during this period grew mainly against the background of increased activity of attackers, according to 90% of respondents. The influence of the factor caused by the consequences of the mass transition to remote work mainly fell on the first half of the year and became less pronounced by the second.


For banks, user inattention and clicks on phishing links are not as important an issue as the protection of new infrastructure elements: VPN concentrators. A VPN gateway is a hardware and software complex for the cryptographic protection of data, voice and video traffic based on encryption, which is used to connect to a remote network. A DDoS attack on the VPN gateway can paralyze many of the organization's IT systems that employees working from home access remotely. Therefore, when organizing remote work, avoid placing the gateway in obvious locations where possible, for example in a well-known corporate network, and make sure it is protected.

According to the survey, respondents most often encountered phishing (44%) and DDoS attacks (36%). 42% noted that they did not record serious cybersecurity incidents, attributing the main surge in cyber threats to the first half of the year.


The most significant consequences of the information security incident are primarily financial, according to 82% of respondents. At the same time, in second place are the consequences of user data leaks (71%).

If in 2019 almost no respondent noted data leaks as one of the most significant risks to the company, then in 2020 banks seriously began to consider the threat of leaks and think about how to deal with them.

In connection with the transfer of most services online, people are increasingly making purchases in online stores, leaving their personal data there, which means that the problem with leaks is growing in scale. The interest of cybercriminals in digital data is increasing, and the more the reputation of companies that made leaks suffers. It is not surprising that concern about this problem is raised in the industry, and companies are beginning to systematically build specialized protection that allows them to calculate fraudulent actions, Sergei Pasechnik notes.

In the process of the coronavirus crisis or immediately after it, 2/3 of the respondents plan to use the current solution to protect against attacks, refraining from replacing critical solutions "on the fly." More than 10% plan to switch to a hybrid solution.


About half of the respondents are considering the option of partially preserving the scheme of remote work of employees and transferring part of the services to remote service in the coming year. More than a third plan to return to normal operation at the end of the coronavirus pandemic.


Individual companies are even going to actively develop the format of remote work. First of all, these are banks with a serious digital component, betting on IT. The active development of IT in the banking infrastructure makes it possible not only to provide a better level of service for users, but also to solve a number of personnel issues: to reduce office rentals, simplify the process of attracting new employees, etc.

We are observing a positive trend: there are already banks in the industry that are not afraid to work remotely and even after the restrictions on coronavirus are lifted, they are in no hurry to bring all their employees to the office, adds Sergei Pasechnik.

About half of the respondents expect an increase in the budget for information security in 2021. 40% believe that it will not change - including, due to investments already made, often unplanned, in early 2020.


Despite the crisis, about half of the respondents expect an increase in the budget for information security in 2021, which allows us to draw certain conclusions about the nature of the crisis. If in the situation of 2008-2009 security costs were reduced, now they at least retain their positions, and in most cases they grow. This is due to the fact that many financial institutions already see information protection as an integral part of the IT infrastructure and support for complex high-tech systems.

Work in this study included a field survey. Respondents from the financial sector were asked to answer the questions of the questionnaire. In total, 45 representatives of large banks and financial organizations of SMB were interviewed.

The number of leaks from the financial sector in Russia increased by a third

According to the expert analytical center of InfoWatch Group of Companies, 202 leaks of confidential information from banks, financial and insurance companies were found worldwide in 2020, which resulted in the compromise of 486 million records of personal data and payment information.

In Russia, the number of leaks in the financial segment increased by 36.5% - from 52 to 71 and led to leaks of 13.4 million user data records, InfoWatch reported on January 29, 2021.

Compared to 2019, the number of leaks that appeared in the public domain decreased by 7.3% globally. The study notes that such a decrease is most likely due to the impact of the pandemic, so public reports of leaks "went" into the gray zone and went unnoticed.

"Our think tank recorded an increasing number of incidents related to leaks in the financial industry from year to year, but the pandemic has made its own adjustments to the news agenda around the world. It is unlikely that the data breach situation has suddenly improved. Rather, we are seeing a decrease in interest in the topic in connection with COVID," said Natalya Kasperskaya, President of InfoWatch Group of Companies.

According to the report, the percentage of data leaks caused by employees of affected enterprises is much higher in Russia than in the world as a whole - 82% in Russia against 51% in the world. It seems that this indicator does not indicate Russia's differences in the field of data protection, but only the interpretation of the leak. The fact is that in many Western countries (USA, Great Britain, Canada, etc.) the law provides for the mandatory publication of the fact of data leakage by the company itself, which made a leak. Naturally, companies would like to present this in such a way that it is not they who are guilty of the leak, but some "third-party hackers." Whereas in Russia there is no such requirement.

"Our experience with installing data protection systems shows that most data theft occurs using an insider, that is, an internal employee who has an idea of how security is organized in the enterprise. Cases when all information was pulled out exclusively by external attackers are relatively rare," Kasperskaya said.

However, such cases occur. For example, in the summer of 2020, the credit bureau Experian became a victim of a phishing attack. A fraudster who posed as a company client managed to fraudulently gain access to the database of the South African division. Having penetrated the company's storage, the man was able to obtain the personal data of up to 24 million citizens of the Republic of South Africa and information on more than 793 thousand enterprises. The fraudster planned to use the stolen data for marketing purposes, but fortunately was stopped in time.

In the vast majority of cases, the Network remains the channel through which confidential information is compromised (almost 80%, including cloud storage at 23%). This suggests that confidential information should not be entrusted to "clouds." And if this is necessary, the information must be encrypted.

In Russia, messengers were the second most frequent leak channel. In the world, this channel is only the third most frequent, and email remains in second place. This probably indicates a more frequent use of instant messengers for business communication and information transfer in Russia compared to global practice.

The head of Freedom Finance admitted the data leak and revealed the details

The head of Freedom Finance, Timur Turlov, confirmed on his Instagram page the leak of data of the investment company's clients. He explained that unknown persons attacked a segment of the internal network and stole part of the data from the local machines of several employees in Russia. The machines belong to the employees of a Russian broker providing access to the Russian stock market, and almost the entire package of stolen data is dated 2018. Read more here.

12 GB of data of 16 thousand customers and employees of Freedom Finance put up for sale

On December 24, 2020, it became known about the leakage of data of clients and employees of the investment company Freedom Finance. Ashot Hovhannisyan, founder of the DLBI data leak intelligence service, was the first to draw attention to the leaked database. Read more here.

Banks in Russia propose 20 years in prison for stealing customer data

Russian banks are proposing to introduce a 20-year prison sentence for stealing customer data. Representatives of credit institutions announced this at a meeting at the Association of Banks of Russia (ADB), which took place on December 3, 2020.

According to RBC, citing ADB Vice President Alexei Voilukov, banks proposed imprisonment of up to 10-20 years for illegal access to bank secrets, but the maximum sentence is still being discussed. The punishment in force as of the beginning of December 2020 is disproportionate to the damage that disclosure entails, he said.

Article 183 of the Criminal Code of the Russian Federation defines punishment for "illegal receipt and disclosure of information constituting a commercial, tax or bank secret." The Association of Russian Banks believes that the concept of "bank secrecy" should be separated from other secrets.

"Receiving this information is massive: now almost two million buyers are registered in the Russian-speaking part of the darknet who want to gain access to bank secrets," said Alexey Voilukov.

The Bank of Russia also supported the ADB idea. However, the representative of the regulator noted that this initiative requires "deep legal study."

According to data from InfoWatch, which specializes in information security in the corporate sector, cited by ADB, most leaks in Russia (79.1%) occur due to internal violations by the organization's employees. Another 20.9% are caused by outside intruders. At the same time, worldwide these shares are 47.4% and 52.6%, respectively.

Ashot Hovhannisyan, founder of the DLBI data leak intelligence service, believes that the risk of long-term imprisonment for providing banking information will only raise the prices of such services. He considers the banks' proposals an attempt to shift responsibility for data theft onto their own staff.[5]

Data leakage of 31 thousand VTB cards

At the end of August 2020, it became known about the leakage of VTB customer data. The bank acknowledged this fact, but assured that the incident poses no threat to users. Read more here.

The court sentenced an ex-employee of Rosselkhozbank to correctional labor for disclosing client data

On July 27, 2020, a court in Kemerovo sentenced a former employee of Rosselkhozbank to correctional labor for illegal transfer of client data. The man was found guilty under Part 1 of Art. 183 of the Criminal Code (illegal receipt and disclosure of information constituting commercial, tax or bank secrets). Read more here.

Sale of confidential data of Alfa-Bank customers on the darknet

On July 24, 2020, it became known about the sale of detailed data of Alfa-Bank customers on the darknet. The credit institution confirmed the leak of information, but assured that it turned out to be small, and some of the information is no longer relevant. Read more here.

Data of 12 million customers of Russian MFIs put up for sale

On April 29, 2020, it became known that data of Russians who took out loans from microfinance organizations in 2017-2019 had been put up for sale on a cybercriminal forum. According to the seller, the database contains information about 12 million people. The seller also offers a free "sample": full names, passport data, dates of birth, phone numbers, e-mail addresses, regions of residence, electronic wallet numbers and loan amounts of 1.8 thousand citizens.

Each data set also contains a link to the site through which the borrower learned about the microfinance organization. In most cases, this is Unicom24, a financial marketplace for searching for and obtaining loans, microloans, mortgages, etc. Representatives of the marketplace checked the "sample" and confirmed that the customer identification code specified in the database being sold belongs to one of their partners, but did not specify which one. According to them, Unicom24 has already contacted this company with a demand to clarify the situation and a notice of termination of cooperation.

According to Unicom24, the microfinance organization (MFI) itself most likely became the source of the leak. When applying for a loan, the system requests only a full name and a valid phone number, the representatives of the marketplace explained. Passport data, email addresses, loan amounts and other information are known only to the MFI from which the borrower requests a loan. Nevertheless, when the source of information left an application for a loan through Unicom24, in addition to the name and phone number, the system also requested passport data and date of birth[6].

Data of 1.2 million Russian microloan users put up for sale

On February 6, 2020, it became known about the appearance on sale of a database of clients of microfinance organizations (MFIs) in Russia, including FastMoney, Seimer eKapustu, Lime and Microclade. Read more here.

2019

The volume of leaks in financial companies in Russia jumped by 58%

The volume of leaks in financial companies in Russia at the end of 2019 jumped by 57.6% and amounted to 13.2% of the total number of such incidents in the country. This is evidenced by InfoWatch data.

In the world, the number of leaks of confidential information in the financial sector increased by 7.9%. Sergei Khairuk, a leading analyst at InfoWatch Group of Companies, linked this difference with the "relatively low base": until recently, leaks from banks and insurance companies in Russia were recorded and published infrequently.

On the other hand, Russia shows more intensive growth compared to the world largely due to increased attention to leaks in the financial sector from the public, he said.

The financial sector traditionally has a high share of leaked payment data, that is, bank card information required to make transactions. In the world, among all compromised records from the financial sector, it amounted to 26.1% at the end of 2019. In Russia, this share is almost half as low and reached 13.5%. Leaks of information containing personal data for financial and insurance companies on a global scale amounted to 64.5%, and in Russia this figure was 12 percentage points higher. The report notes that in less than 10% of cases of leaks in the global sphere of finance, information constituting a trade secret was compromised.

According to InfoWatch analysts, the bulk of leaks in the financial segment occur as a result of deliberate actions or negligence of an insider. This situation is typical both for the world as a whole and for Russia. Among the registered cases, the share of data leaks caused by an external attacker (hacker attacks and other actions of unknown persons) in the Russian financial segment is more than 4 times less than in the world.

Data of several thousand VTB depositors went on sale

In November 2019, it became known that the data of 5 thousand VTB depositors appeared on sale at a specialized forum. Read more here.

Data of thousands of clients of Alfa-Bank and Alfa-Insurance put up for sale

On November 5, 2019, it became known that the data of about 3.5 thousand customers of Alfa-Bank and about 3 thousand customers of AlfaStrakhovanie were put up for sale. The corresponding announcement was found on one of the specialized forums. Read more here.

A new way of stealing bank customer data has appeared in Russia

In early November 2019, a new way of stealing data from bank customers in Russia came to light. Attackers have developed a corporate phishing scheme that imitates the testing of credit institutions' employees.

As Izvestia writes with reference to Kaspersky Lab, bank workers are sent an email with an "invitation" to undergo certification. After following the link, they are asked to enter the login and password for their work email, which gives cybercriminals access to correspondence that may contain files with personal data of bank customers.

Tatyana Shcherbakova, senior content analyst at Kaspersky Lab, says that the scale of attacks under this scheme depends on the contents of the hacked email. The first thing fraudsters can access is corporate correspondence. And if logins and passwords from databases with personal information about clients or the databases themselves are sent in clear text, then attackers will receive them at their disposal too.

Shcherbakova added that Kaspersky Lab learned about a new phishing method from its customers.

The Central Bank's cybersecurity division notes that phishing is the first among the main factors that contributed to successful attacks on banks aimed at obtaining the personal data of the country's residents. Fraudsters often exploit the human factor when sending letters to bank employees.

The credit institutions explained to the newspaper that banks often conduct training and certification, so such letters do not arouse suspicion among employees. In addition, banks are, as a rule, rather formalized systems, so communication through e-mail is familiar to employees.[7]

Leak of credit histories of a million Russians

On October 18, 2019, it became known that credit histories of more than a million Russians were in the public domain.

FinCERT named the main source of leaks of banking data of Russians

On October 11, 2019, it became known that in the first half of 2019, experts found about 13 thousand offers for the purchase/sale of Russians' data on the black market.

Sberbank, VTB, Unicredit Bank and Otkritie banned employees from photographing PC screens

On June 24, 2019, it became known that large banks in Russia banned their employees from photographing computer screens using personal mobile phones.

According to RBC, restrictions were introduced at Sberbank, Unicredit Bank, Otkritie Bank and VTB. Thus, Otkritie Bank prohibits employees from taking photos and videos of monitor screens, service documents, presentations and client data, as well as conducting audio recordings of service negotiations. At VTB, photographing at bank facilities is allowed only by agreement with the responsible departments.

The ban is explained by the fact that employees often take pictures of customers' personal data in order to then sell them on the black market, where they are in demand from fraudsters. According to the publication, the price of personal data can vary from 800 to 8000 rubles.

Sergey Nikitin, deputy head of the computer forensics laboratory at Group-IB, explained that fraudsters post an ad on the darknet to find out the balance of the victim's card, passport details and more.

According to the expert, the prevalence of photographing screens can be explained by the fact that companies began to introduce protection systems against internal threats and leaks, so employees simply photograph the screen. The fact of photographing is very difficult to prove.

Deputy Chairman of Sberbank Stanislav Kuznetsov said that the bank's systems, as a rule, do not allow transferring official data to third parties, otherwise the case is transferred to the police.

Vladimir Zhuravlev, director of the information security department of FC Otkritie, says that bank data can be used in fraudulent schemes using social engineering methods. For violation of the ban, tough sanctions are provided up to dismissal, he said.[8]

Data of 900 thousand customers of Russian banks were in the public domain

On June 9, 2019, it became known about the leakage of data from 900 thousand customers of Russian banks. Passport data, phone numbers, places of residence and work of citizens of the Russian Federation were in the public domain.

As Kommersant writes with reference to the DeviceLock service, customers of Alfa Bank, OTP Bank and HCF Bank, as well as about 500 employees of the Ministry of Internal Affairs and 40 people from the FSB, were affected.

Experts found two databases of Alfa-Bank customers: one contains data on more than 55 thousand customers from 2014-2015, the second contains 504 records from 2018-2019. The second database also contains data on the account balance, limited to the range of 130-160 thousand rubles. The newspaper reviewed the first database and found that the customers in it are mostly residents of the Northwestern Federal District, and their phone numbers are mostly active.

According to DeviceLock, information about Alfa-Bank's customers may have appeared on the network due to the massive dismissal of the regional IT department in 2014. The data has been circulating on the black market for a long time.

According to experts, people whose data was in the public domain may be exposed to spam or face fraud.

Apparently, the person who purposefully collected these databases was either an insider, or found those who could steal them, believes Zecurion CEO Aleksei Rayevsky.

"Judging by the fact that the databases are outdated, most likely they were used in a narrow circle, and when they ceased to be needed, they became public. Now the people in these databases can become victims of a wide range of banking fraudsters," the expert believes.

Alfa Bank and HKF Bank told Kommersant that they would study the information about the leak. OTP-Bank did not record the loss of data.[9]

The data of Binbank's individual clients were in the public domain

After merging with Otkritie, owned by the Central Bank of the Russian Federation, the personal data of Binbank's clients were in the public domain. This was reported on April 15, 2019 by DeviceLock.

Data of 120 thousand bank clients-refuseniks leaked to the Internet

On April 12, 2019, it became known that a database of bank refuseniks appeared on specialized forums on the Internet. It contains information on about 120 thousand clients (such a figure is stated in the description of the database) who were denied service by financial organizations under the law on countering the laundering of proceeds from crime and the financing of terrorism (115-FZ).

Most of the database is made up of individuals and individual entrepreneurs (IP), part of it is legal entities. For individuals, the database contains their full name, date of birth, and passport series and number. For IP, it contains full name and TIN; for companies, name, TIN and OGRN. One of the banks unofficially confirmed that the list contains real refusenik clients. Interviewed experts in the field of information security could not recall another case when a leak of data on bank customers was related to the Central Bank.

The records date from June 26, 2017 to December 6, 2017. It was from the first date that the Bank of Russia began sending out a blacklist of customers in accordance with Regulation 550-P. The mailing mechanism looks something like this: banks identify customers whom they refuse to serve due to suspicions of 115-FZ violation and send information about these clients to the Central Bank, which in turn passes it to Rosfinmonitoring. The latter processes the data received from banks and transfers them back to the Central Bank, and the Central Bank sends them in aggregated form to banks. Thus, all banks receive an updated list of suspicious customers, formed by the efforts of the entire sector. The leaked database began to spread a few months ago, but neither the Central Bank nor Rosfinmonitoring knew about the leak.

Rosfinmonitoring said they exclude the possibility of information leakage from them. The press service of the Bank of Russia said that the regulator brings information about refuseniks to market participants in encrypted form through secure communication channels using certified means of cryptographic protection of information.

"Responsibility for the safety of information and its non-transmission to third parties is borne by the financial institution that received it," the Central Bank believes.

The Central Bank did not specify whether the regulator plans to take actions that exclude such leaks in the future.

The leak could have occurred in many ways, experts point out.

"From the Central Bank, Rosfinmonitoring, any bank. The database should only have been with the Central Bank, and the banks should have sent it requests to check customers. In this option, at least it would be easier to localize the leak, to understand where it occurred. Now that's probably impossible to do," said Aleksei Rayevsky, general director of Zecurion, a developer of information protection systems.

Thus, according to the expert, a mistake from the point of view of information security was made in the design of the system.
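The difference between the two designs the expert contrasts can be shown with a short added example (not part of the original article and not any regulator's actual system). Bank names, client ids and query traffic are constructed; only bank-side recipients are modelled.

```python
from collections import defaultdict

# Constructed sample data, not real entries: client id -> refusal reason.
BLACKLIST = {f"client-{i:03d}": "115-FZ refusal" for i in range(1, 9)}
BANKS = ["bank-a", "bank-b", "bank-c"]  # hypothetical recipients


class BroadcastModel:
    """Design described in the article: every bank receives the full list."""

    def __init__(self, records, banks):
        self.copies = {bank: dict(records) for bank in banks}

    def candidate_sources(self, leaked_ids):
        # A bank is a candidate if its copy contains every leaked record.
        return sorted(b for b, copy in self.copies.items()
                      if set(leaked_ids) <= set(copy))


class QueryModel:
    """Design the expert proposes: the list stays central, banks send checks."""

    def __init__(self, records):
        self._records = dict(records)
        self.audit = defaultdict(set)  # bank -> every id it has asked about

    def check(self, bank, client_id):
        self.audit[bank].add(client_id)  # log hits and misses alike
        return client_id in self._records

    def candidate_sources(self, leaked_ids):
        # Among banks, only one that queried every leaked id could hold them all.
        return sorted(b for b, seen in self.audit.items()
                      if set(leaked_ids) <= seen)


def compare(leaked_ids):
    broadcast = BroadcastModel(BLACKLIST, BANKS)
    query = QueryModel(BLACKLIST)
    # Constructed traffic: each bank checks only its own applicants.
    traffic = {"bank-a": ["client-001", "client-900"],
               "bank-b": ["client-002", "client-005", "client-777"],
               "bank-c": ["client-005"]}
    for bank, ids in traffic.items():
        for cid in ids:
            query.check(bank, cid)
    return broadcast.candidate_sources(leaked_ids), query.candidate_sources(leaked_ids)


if __name__ == "__main__":
    print(compare(["client-002", "client-005"]))
```

With the broadcast design every recipient remains a candidate source, while the per-query audit log narrows the set to the banks that actually requested the leaked records.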

For customers, a leak is dangerous not only due to data disclosure, but also because of the very fact of being in the database. Clients can get into the black list of banks by accident, lawyers say.

"Often banks put bona fide customers on blacklists through negligence or due to a technical error. The dissemination of this information for persons from the list, in addition to difficulties with banking, can result in problems with security services when applying for work, contractors' refusals from concluding contracts and other risks."

"Such leaks can lead to the most unexpected negative consequences, up to the exposure of state secrets. An example is the case of Petrov and Boshirov, whose real names were compromised with the help of leaked databases, including the traffic police's," said Aleksei Rayevsky, CEO of information protection systems developer Zecurion.

"The proliferation of such databases primarily encroaches on privacy. The Criminal Code provides for this punishment of up to five years in prison in case of use of official position and distribution of data via the Internet. Such actions can also be qualified as improper access to computer information (imprisonment for up to seven years)."

Amina Appaeva believes that the crime also falls under the article on the illegal receipt and disclosure of information constituting bank secrets (up to five years in prison, and if the act entails grave consequences - up to seven years). According to her, it is public in nature, so law enforcement agencies must start checking without fail. The distribution of such databases refers to the jurisdiction of the Investigative Committee of Russia[10].

2010: Customer data leak forces Alfa-Bank to replace thousands of plastic cards

Among the leaks in Russia in 2010, a notable one was a large leak of personal data from Alfa-Bank, after which the bank decided to promptly replace more than 7 thousand bank plastic cards.

There were positive events in 2010: for example, the FSB and the Prosecutor General's Office closed several sites that gave anyone who wanted access to extensive databases of personal data of Russians. Also very indicative are examples of lawsuits brought in several Russian regions by citizens who have suffered from leaks of their personal data.

Notes