The Center for Monitoring and Responding to Cyber Attacks in the credit and financial sector of the Bank of Russia (FinCERT) and the Visa payment system have alerted banks to a data breach involving 55,000 banking clients’ records. RBC reported, citing sources familiar with the matter.
The breach affected data from the international trading platform Joom. The database contains partial card numbers, their expiry dates, information about the payment system and the issuing bank.
Among the data exposed publicly were the details of customers of Sberbank, Raiffeisenbank, Tinkoff Bank, Rosbank and many others.
The database includes personal data — full names, phone numbers, e-mails and addresses.
Joom confirmed the breach — it occurred back in March 2020. At that time the company said it was aware of it, but it did not involve information about bank cards.
FinCERT issued warnings only to the banks whose customers’ cards were represented in the database. The lending institutions reacted to the notification in different ways.
Sberbank said it did not locate card data for its own customers in the database. The database contained information on the cards of customers of the company’s foreign subsidiaries, but they are not at risk, according to Sberbank.
Otkritie tightened controls over card operations for customers affected by the breach. Raiffeisenbank blocked the compromised cards and announced their reissuance; Promsvyazbank said it would do the same.
Representatives of several banks stated that the database did not contain data enabling theft of funds from cards. However, attackers could use the personal data from the database for other kinds of fraud.
Besides the Joom leak, data of Utair customers appeared online in the network in the past days. The database contains more than 530 thousand records with information on documents, addresses, phone numbers, e-mails, customers’ full names and other data.
The data leaked into the network back in 2019 as a result of hacker attacks, said a representative of Utair to «Roskomsvoboda».
According to him, the attackers could not access customers’ bank cards, and the accounts of passengers in the loyalty program are not at risk.
Earlier last week, in the network discovered an open database containing nearly 235 million profiles of users on Instagram, TikTok and YouTube.
For details on how personal data ends up on the black market, read ForkLog’s article.
How the data black market works: who sells, who buys, and can you protect yourself
Subscribe to ForkLog updates on Telegram: ForkLog Feed — the full slate of news, ForkLog — the most important news and polls.