Clients from the top three Russian banks entrusted their data — including phone numbers, addresses, and IDs — to the financial institutions. Now, this sensitive information is publicly available.
Databases with sensitive personal information about the clients of the top Russian banks — including Alfa Bank, the country’s largest commercial bank — leaked onto the Internet at the end of May, according to local media outlet Kommersant.
While the information from the compromised databases was gathered several years ago, a significant part of it is still relevant and can be used by unscrupulous crooks. Cybersecurity experts believe that people from those databases may be targeted by spammers or fall victim to scams.
A provider of data-leak prevention systems, DeviceLock, discovered two leaks of personal data from Alfa Bank on Friday, June 7. One database contained data on more than 55 thousand clients, including their full names, phone numbers (mobile, home, and work), addresses, and places of work. DeviceLock believes that the information is dated from 2014-2015.
The second database has only 504 entries, but it is much more recent and contains additional information about the year of birth, passport data, the branch of Alfa Bank, and the account balances of the clients.
The Founder and CTO of DeviceLock, Ashot Oganesyan, says that the large Alfa Bank database may have leaked in 2014 when the bank performed mass layoffs of its IT staff. Some disgruntled IT employees might have made off with the database and kept it private for a long time. However, the database has recently popped up on the Internet for free access. You do not even need a password to download it and make use of it, Mr. Oganesyan said.
Employees Are The Weakest Link
The more recent database, dated 2018-2019, might have been taken by the Alfa Bank employee responsible for combating fraud. This theory is confirmed by the fact that the database is rather small (about 500 records) and limited to customers with a specific account balance (130-150 thousand roubles, which is about $2000-$2500).
Notably, the data leaked contains information about the employees of private companies as well as 500 police officers and 40 Federal Security Service (FSB) officers.
Apparently, the person who purposefully assembled these databases was either an insider or found those who could steal the necessary information, explains Zecurion CEO Alexei Rayevsky. Considering that the databases are a bit outdated, it is highly likely that someone used them for personal needs and dumped them in the network once they became no longer needed, he added.
Now, people from these databases may fall victim to fraud. Scammers may gain their confidence by impersonating the bank’s security services or use people’s passport data for other fraudulent purposes.
This Issue Has a Solution
Meanwhile, Bitcoin and other cryptocurrencies have emerged as a response to an inefficient banking system with high fees, a lack of transparency, and vulnerabilities to security breaches.
Unlike dealing with traditional financial institutions, you do not need to provide your data to perform transactions with cryptocurrencies. Moreover, you can keep your transactions (at least, partly) confidential.
Naturally, the increased anonymity of cryptocurrencies ensures a higher degree of personal data security and therefore minimizes the threat of data leakage. Notably, this feature of digital assets is often criticized by banks and regulators — who claim that high anonymity facilitates money laundering and tax evasion.
Instances of data leaks from financial companies have become more common. Do you believe these developments will push for faster blockchain adoption? Let us know what you think in the comments below.