Sberbank says sensational data theft fully solved

By Andrei Skvarsky.

The source of last week’s sensational leak of Sberbank credit card details took “hours” to find out, Russia’s biggest lender said in announcing that the theft had been fully solved.

The bank said in a statement that the data, which were put on sale in the black market, had been stolen by a junior manager whose job duties involved access to credit card databases.

The manager was arrested and confessed to the theft, the bank said, providing no details about him except his birth year, 1991.

Sberbank claimed that altogether 200 credit card holders had had their data stolen, that the theft had caused none of them to lose any money, and that there was no threat of any more leaks.

Earlier, Russian media had cited cybersecurity experts as claiming that up to 60m people, or more than half of Sberbank’s global clientele, had their credit card details on the black market as a result of the leak.

The Moscow Times newspaper and East-West Digital News (EWDN) website cited the founder of data leak prevention software firm DeviceLock, Ashot Oganesyan, as saying that, if that number of victims was correct, the leak would be the largest-ever data breach in Russian banking.

“We have drawn serious conclusions and are going to radically tighten control of bank staff’s access to our systems in order to minimise the human factor,” Sberbank CEO Herman Gref said in apologising to customers.

Sorry, comments are closed for this post.