Search This Blog

Showing posts with label Financial Data Breach. Show all posts

Credit histories of a million Russians were in the public domain


The microfinance company’s database with passport data, phone numbers and residential addresses was made publicly available.

Credit histories of more than 1 million Russians with data of mobile operators obtained from the Bureau of Credit Histories (BKI) were in the public domain since the end of August. Independent cybersecurity researcher Bob Dyachenko first discovered this data on October 10. According to him, he reported a problem to the BKI, after which the database was closed.

However, it is not known whether anyone had time to download the publicly available information. As Dyachenko noted, specialized search engines indexed it on August 28.

According to media reports, the database could belong to GreenMoney microfinance company, which gave the online loans. It contains passport data of borrowers, other documents, addresses of registration and actual place of residence, phone numbers, information about loans.

GreenMoney CEO Andrei Lutsyk said that an audit is being carried out on what happened. According to him, the company complies with all requirements for the storage and processing of personal data provided by law.

Information security expert Vitaliy Vekhov noted that any leak of personal data carries risks for its owners. In this case, he believes, it is important to understand exactly what information appeared on the Internet.

"For example, passport data alone do not carry anything. According to a photocopy of the passport, as you know, nothing can be issued. If we are talking about the data of Bank cards, they can be used only if there is a CVV code, and it is not in the data of credit histories," the expert explained.

According to Vekhov, at the same time attackers can freely use any data with the help of certain resources.

It is interesting to note that the company GreenMoney in mid-September was deleted from the register of the Monetary Financial Institutions (MFIs) for numerous violations.

Hackers made Bank clients debtors - Large-scale data breach occurred in Russia



On June 8-9, Alfa-Bank was attacked for several hours, as a result of which the stolen funds appeared on the accounts of random customers of the credit institution.

Some clients of the Bank received amounts from 10 to 15 thousand rubles ($ 155-235). Many of them quickly spent this easy money.

However, immediately after the payment, Alfa-Bank clients were charged amounts two to three times more than the fraudsters sent. They formed an overdraft or a short-term loan.

Alfa-Bank solved the problem with hacking within a few hours, and clients of Bank are obliged to return the money that came from hackers in full amount. However, there were no official comments from Alfa-Bank.

Experts said that such a fraud can be done only with access to the Bank's system. Therefore, the security service is looking for fraud among its employees.

It is worth noting that on June 9, the Russian newspaper Kommersant reported the leakage of personal data of 900 thousand clients of Alfa-Bank, OTP Bank and Home Credit Bank in Russia. According to the published material, the names, phone numbers (mobile, home and work), address and place of works, passport data of almost 900 thousand Russians including 55 thousand customers of Alfa-Bank were publicly available on the Internet, as well as balances on the accounts of clients of Alfa-Bank limited to a range of 130-160 thousand rubles.

The company DevicеLock found the leaks. They occurred at the end of May, the data were collected a few years ago, but a significant part of the information is still relevant. Moreover, DeviceLock discovered two customer databases of Alfa-Bank: one contains data on more than 55 thousand customers from 2014-2015, the second contains 504 records from 2018-2019.

An interesting fact is that one of the databases of clients of Alfa-Bank contains data on about 500 employees of the Ministry of Internal Affairs and about 40 people from the FSB (the Federal Security Service).

The Press Service of Alfa Bank said that at the moment they are checking the accuracy and relevance of information.