Sberbank lost customer database

In the theft of customer information caught one of the employees of Sberbank.
Sberbank completed an internal investigation and found a channel for the leakage of customer credit card data, the bank’s press service said. The Security Service, together with law enforcement agencies, revealed that one of the employees of Sberbank tried to steal client information for personal gain. His name is not called, it is only reported that he is the head of the sector in one of the business units, he is 28 years old (born in 1991) and he had access to the databases by virtue of the performance of official duties.

Evidence of the crime was collected and documented, the employee gave a confession, the report said. There is no threat of client data leakage, there was no threat to the safety of customer funds, Sberbank assured.

The Bank made serious conclusions and will dramatically strengthen access control to systems to minimize the impact of the human factor, said Sberbank President German Gref. “On behalf of myself and the entire Sberbank team, I want to once again express my deepest apologies to 200 of our customers for what happened and to all our customers for the delivered experiences,” he said. Gref also thanked the security service and law enforcement agencies for the operational work, which allowed "to solve the crime in a matter of hours."

Sberbank found out about a possible leak on October 2, when the cybersecurity service received a data file containing information about 200 clients of the Ural branch. At the same time, it became known that there was a database in the underground Internet resource with data from 60 million Sberbank credit card holders (Kommersant reported this). The bank immediately began a check, which showed that there was no external hacking or hacker attack.

The leaked data on 200 customers did not contain information on pin codes and CVV, Sberbank emphasized. According to him, using a stolen base, it is impossible to conduct a financial transaction. But just in case, customers were immediately warned about what happened, and their cards were taken under control and re-issued.