Sberbank employee sold data of 5,000 clients in Darknet, investigation shows
An employee sold the data of 5,000 clients of Sberbank’s Urals Bank to a criminal group in the Darknet in late September.
Sberbank Rossii PAO (MCX:SBER) has revealed more details regarding the findings of an investigation into a recent data leak that affected at least 200 clients of the Russian bank. The bank became aware of the leak late on October 2, 2019.
In an earlier statement Sberbank announced the completion of an internal investigation that helped identify the culprit, who is now in the hands of law enforcement agencies. The culprit turned out to be one of the bank’s employees – he is born in 1991.
The bank’s Security Service and law enforcement agencies retrieved the stolen data and gathered evidence of the crime.
Additionally, the investigation has shown that the employee who committed the crime sold the data of 5,000 credit card clients of Sberbank’s Urals Bank to a criminal group in the Darknet in late September. A significant portion of the data is outdated or inactive, the bank explains.
The credit cards were reissued and the clients’ funds are safe, Sberbank says.
Let’s note that there have been changes to the reporting requirements for Russian banks and operators of payment infrastructure, effective July 1, 2018. The rules concern the reports about cyber incidents. The companies have to submit more detailed information regarding the economic consequences of these incidents for the operators and their clients.