The state-owned Russian banking and financial services company Sberbank is currently investigating a potential data leak which the newspaper Kommersant has reported may be the largest ever in Russian banking history.
In a statement, the firm said that the leak could have affected at least 200 of its customers. However, according to Kommersant, 200 entries were just a sample to lure in potential buyers by an unidentified online seller who claims to have data on 60m credit cards including accounts and cards which have already been closed.
The newspaper even verified the database's authenticity by asking the unknown seller to provide information on its own reporters that turned out to be both correct and up-to-date.
- Russia's largest search engine hacked by Western intelligence agencies
- An inside look at Russia’s cybersecurity market: a Q&A with BI.ZONE
- Data leak reveals how Russia uses telecoms for surveillance
The seller is seeking eight cents per entry according to Kommersant and they could end up making quite a lot by selling stolen information on Sberbank's 18m active credit card customers.
Sberbank and Kommersant both believe that the data leak was most likely the work on an insider with criminal intent and Sberbank provided more details on its investigation into the matter in a press release (opens in new tab), saying:
“An internal investigation is underway. Its results will be unveiled in a separate statement. A criminal wrongdoing of an employee is the primary lead, as no breach could have occurred from the outside – the database is isolated and has no outer network access.”
Kommersant was first tipped off regarding the Sberbank data breach by the cybersecurity company DeviceLock who said that data sets on some of Russia's largest banks are available on the dark web but none of these are as large as comprehensive as the recently leaked Sberbank data set.
While this might not be a traditional data breach, it highlights the potential risk that insider threats pose to all businesses and the damage they can cause.
- We've also highlighted the best data loss prevention services of 2019
Via Reuters (opens in new tab)