In what could be the biggest breach in Russian banking history, millions of customer records were stolen from Sberbank, Russia’s largest bank. Researchers from DeviceLock found nearly 60 million records connected to the bank for sale on the darknet for five Roubles or $0.08 per entry. Of that 60 million, analysts were able to get their hands on the data of around 200 customers by way of a sample from the seller and they verified the legitimacy. The site where the data was for sale is blocked by Russia’s communications regulator, Roskomnadzor and researchers suggest the breach may have occurred near the end of August. Sberbank firmly claims that no customer funds are at risk since the CVV code is not included in the data and that they require Two-Factor Authentication (2FA) through text message when making online payments. A statement found on the bank’s website reads, “At the moment, an internal investigation is being carried out and its results will be reported in the future. The most likely explanation of the incident is the deliberate criminal action of an employee, as external penetration into the database is impossible due to its isolation from the external network. The stolen information, in any case, does not threaten the safety of customer funds.” Customers could still be at risk for other types of fraud, specifically telephone fraud where attackers will call a potential victim posing as an employee of the bank. Additional information shows that the Russian state owns a controlling stake in the bank and the bank itself holds 45% of all retail deposits and provides 41% of all consumer loans in Russia.
Analyst Notes
Sberbank customers should keep a close eye on their accounts and be aware of the possibility of fraud attempts involving their information. If phone calls are received by someone claiming to be from the bank they should ask for the employee name, then hang up and call the bank using a known correct phone number. If something raises a red flag, users should not give out personal information and report the instance to the bank immediately.
