Bank employee responsible for data breach; he sold customers’ information on the dark web

Officials at Sberbank Rossii, the largest Russian bank, have revealed some details about their investigation of a data breach that reportedly affected at least 200 users of the bank. According to reports from information security experts, the bank detected the incident this past October 2.

However, additional local media reports mention that the 200 affected users initially detected were only part of a sample, as in fact thousands of users were impacted by this incident.

After detecting the incident, Sberbank officials announced an internal investigation, which has concluded that the person responsible for the data breach is a 28-year-old man employed by the bank. The culprit has already been referred to the Russian Federation authorities.

Law enforcement agencies and the bank’s information security team were able to retrieve the stolen information and collect evidence for the trial. Russian police claim that the employee responsible for the crime sold the information of about 5,000 Sberbank customers through hacker forums on the dark web. Bank officials stress that most of the compromised information is outdated or inactive.

When questioned about the incident and the employee’s ability to access confidential information, a representative of the bank stated: “It is practically impossible to access our databases from the outside, as they are isolated from the rest of our IT infrastructure.” In addition, the representative stated that “the compromised information is also not useful for performing fraudulent bank movements.”

Eventually, the bank decided to reissue credit cards belonging to potentially affected customers and published some details about the costs of the attack. The recently implemented procedure for reporting security incidents in banks and payment operators requires affected organizations to submit to the authorities a detailed report on the financial impact of these incidents on the organization and its users.

While this is not a hacker attack as such, information security experts consider it yet another example of how a security risk can arise unexpectedly in a financial institution. Pavel Livinskiy, director of the Russian-operated power company Rosseti, claims that the Russian energy industry faces about 9 million cyberattacks a year. “About 80% of successful attacks stem from human factor errors and omissions, and combating these incidents costs the Russian Federation about 2 billion roubles ($31 million USD) a year,” Livinskiy adds.

Regardless of its size, and whether it is a private company or operated by a national government, any organization is exposed to data breach incidents, which can mean huge economic losses and severe reputational damage, so it is vital to secure every possible attack vector. As information security specialists from the International Institute of Cyber Security (IICS) have mentioned, although companies invest thousands of dollars in software solutions, it is also necessary to train employees in order to build an overall cybersecurity environment that is less exposed to threat actors.