Search This Blog

Showing posts with label PrivatBank. Show all posts

Ukraine’s PrivatBank Database for Sale on a Hacking Forum

 

PrivatBank is the biggest commercial bank in Ukraine, as far as the number of customers, assets value, loan portfolio, and taxes paid to the national budget are considered. Headquartered in Dnipro, in central Ukraine, the bank was nationalized by the government of Ukraine to ensure its 20 million clients and to preserve "financial stability in the country", on 18 December 2016. 

As per their site, PrivatBank's net profit for 2020 was 25.3 billion UAH, which is around $910 million. The database is said to contain 40 million records of customers such as full name, DOB, taxpayer identification number, place of birth, passport details, family status, etc. 

Ukraine has a population of 44 million, and the database’s 40 million records would cover 93% of the population. In any case, it isn't evident whether these are unique records, and it would be improbable that PrivatBank has records of 93% of Ukraine's population, considering ages that wouldn't have bank accounts. 

The threat actor is asking $3,400 in bitcoin for the release of the database. At the point when CyberNews took a gander at the bitcoin address provided, it gives the idea that nobody has purchased the database yet from that specific wallet. However, it is additionally conceivable that the threat actor is generating another wallet for each sale, a process that can be done automatically.

In 2016, hackers allegedly took $10 million from the bank through a loophole in the SWIFT international banking system. Before then, in 2014, the pro-Russian hacker group CyberBerkut asserted credit for hacking into the bank and mining client information, and afterward publishing the information on the Russian social media platform VKontakte. This was obvious retaliation for a PrivatBank accomplice who offered a $10,000 bounty for capturing Russian-backed militants in Ukraine. Earlier in 2014, another group named Green Dragon asserted credit for a DDoS assault on PrivatBank and guaranteed it got to client information during the assault. 

A 2018 report by a US corporate investigations company stated that “PrivatBank was subjected to a large scale and coordinated fraud over at least a ten-year period ending December 2016, which resulted in the Bank suffering a loss of at least USD 5.5 billion.”