Police detained a suspect in the theft of personal data of clients of several banks, including Sberbank, said Interior Ministry spokeswoman Irina Volk. A criminal case was instituted against him on the grounds of a crime under Part 3 of Art. 183 of the Criminal Code (Illegal receipt and disclosure of information constituting a commercial, tax or banking secret). He faces up to five years in prison.
According to preliminary data, the suspect is an employee of the collection agency "National collection service" (LLC "NSV"). His name and surname are not disclosed by the Ministry of Internal Affairs. According to the investigation, the man is a native of Volgograd, on the Internet he acted under the pseudonym “Anton 2131”.
The press service of Sberbank confirmed to Vedomosti the information disseminated by the Ministry of Internal Affairs. “As we said earlier, there was no leakage of customer data from Sberbank and our subsidiaries. In connection with the violation of the terms of the contract and the loss of confidence, Sberbank will terminate the contract with NSV LLC as soon as possible, ”the bank representative said. In addition, Sberbank will conduct an audit of personal data protection systems for problem borrowers used by collection agencies - contractors, the press service promised. Vedomosti is awaiting comment from the National Collection Service.
Earlier, on October 3, Kommersant announced the appearance of a database of Sberbank clients on the Internet. Ashot Hovhannisyan, the founder of DeviceLock, told the publication that a database with data of 60 million credit cards was put up for sale. The announcement of the sale appeared on the forum blocked by Roskomnadzor. A 200-line document was offered to potential buyers for review. On the same day, Sberbank confirmed that the data on credit card accounts went online. We are talking about 200 customers, the bank reported.
Later, on October 5, Sberbank reported that its security service, together with law enforcement agencies, had identified a bank employee who had sold 5,000 accounts of the Ural Bank of Sberbank in the shadow Internet in September. A man born in 1991 was the head of the sector in one of the business divisions of Sberbank and had access to databases.
Sberbank President German Gref said on October 11 that the investigation of the data leak lasted 4 hours. “Within four hours, we discovered and found everything and closed all possibilities. All the same, the money would not have been stolen, because our system has a triple security system, ”said Gref (quoted by RIA Novosti). According to him, for the bank, the theft of personal data of customers did not have any serious consequences.