Sberbank is investigating the leakage of customers' data to the Internet, the bank reported in a press release. The bank claims that it is studying the authenticity of the data that was put for sale on the Internet.
The report says there's no possibility for the outside hacking, so data was leaked by one of the employees. Also, Sberbank's representatives assured that there is no threat to the clients.
Russian newspaper Kommersant got access to a fragment of the database. The publication reports about 60 million credit card data, including 18 million cards that are still active. Russian Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor) has already blocked the webpage, which sold the personal data of the bank's customers. The fragment of data, that the newspaper has, consists of 200 customers. There is information about their full name, numbers of cards and phones, information on financial transactions. The Ural territorial Bank of Sberbank serves all of them.
DeviceLock company founder Ashot Hovhannisyan says that his organization has analyzed about 240 records out of an estimated 60 million. According to him, all the data belongs to real people. He noted that the Russian Central Bank, Roskomnadzor, and law enforcement will continue the investigation on this case. A source close to the Central Bank said that the data leak could have occurred as a result of employee's bribery. According to the text file, the document was sent from the bank.