The Center for Monitoring and Responding to Cyber Attacks in the credit and financial sector of the Bank of Russia (FinCERT) and the Visa payment system have alerted banks to a data breach involving 55,000 banking clients’ records. RBC reported, citing sources familiar with the matter.<\/p>\n
The breach affected data from the international trading platform Joom. The database contains partial card numbers, their expiry dates, information about the payment system and the issuing bank.<\/p>\n
Among the data exposed publicly were the details of customers of Sberbank, Raiffeisenbank, Tinkoff Bank, Rosbank and many others.<\/p>\n
The database includes personal data \u2014 full names, phone numbers, e-mails and addresses.<\/p>\n
Joom confirmed the breach \u2014 it occurred back in March 2020. At that time the company said it was aware of it, but it did not involve information about bank cards.<\/p>\n
FinCERT issued warnings only to the banks whose customers’ cards were represented in the database. The lending institutions reacted to the notification in different ways.<\/p>\n
Sberbank said it did not locate card data for its own customers in the database. The database contained information on the cards of customers of the company’s foreign subsidiaries, but they are not at risk, according to Sberbank.<\/p>\n
Otkritie tightened controls over card operations for customers affected by the breach. Raiffeisenbank blocked the compromised cards and announced their reissuance; Promsvyazbank said it would do the same.<\/p>\n
Representatives of several banks stated that the database did not contain data enabling theft of funds from cards. However, attackers could use the personal data from the database for other kinds of fraud.<\/p>\n
Besides the Joom leak, data of Utair customers appeared online in the network in the past days. The database contains more than 530 thousand records with information on documents, addresses, phone numbers, e-mails, customers’ full names and other data.<\/p>\n