In what could be the biggest breach in Russian banking history, millions of customer records were stolen from Sberbank, Russia’s largest bank. Researchers from DeviceLock found nearly 60 million records connected to the bank for sale on the darknet for five Roubles or $0.08 per entry. Of that 60 million, analysts were able to get their hands on the data of around 200 customers by way of a sample from the seller and they verified the legitimacy. The site where the data was for sale is blocked by Russia’s communications regulator, Roskomnadzor and researchers suggest the breach may have occurred near the end of August. Sberbank firmly claims that no customer funds are at risk since the CVV code is not included in the data and that they require Two-Factor Authentication (2FA) through text message when making online payments. A statement found on the bank’s website reads, “At the moment, an internal investigation is being carried out and its results will be reported in the future. The most likely explanation of the incident is the deliberate criminal action of an employee, as external penetration into the database is impossible due to its isolation from the external network. The stolen information, in any case, does not threaten the safety of customer funds.” Customers could still be at risk for other types of fraud, specifically telephone fraud where attackers will call a potential victim posing as an employee of the bank. Additional information shows that the Russian state owns a controlling stake in the bank and the bank itself holds 45% of all retail deposits and provides 41% of all consumer loans in Russia.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for