The data was obtained as a result of a leak. A representative of the bank explained its vulnerability in the remote filing of initial applications for cash loans
Data about people who applied for a loan from Bank Dom.RF were put up for sale on the Internet. The bank confirmed the leak. The Central Bank is conducting a check.
The data of Russians was put up for sale on a specialized website. The announcement was published on April 3. According to the owners, they have more than 100,000 records of those who have applied for a bank loan. The records date back to 2020-2021. They may include information about the loan amount request, phone numbers, email addresses, full names, date of birth, passport information, TIN, SNILS, home and work addresses, job title, income and proxy information. The database sells for 100 thousand rubles ($1,308), individual lines for 7-15 rubles ($0.09 - 0.20).
Bank Dom.RF belongs to the same name financial development institution in the housing sector, which is fully controlled by the state. It is in the top 20 banks in terms of capital and in the top 3 in terms of the mortgage portfolio. It was formed in 2017 on the basis of the bank Rossiyskiy Kapital, which is being reorganized.
Dom.RF reported that the leak was due to a vulnerability in remote initial cash loan applications. The bank notes that the data prevents access to customer accounts. "As part of operational work, it was eliminated in a short time, at the moment all the bank's systems are functioning normally. For preventive purposes, the security service of Dom.RF checked the integrity of all other systems of the bank and found no violations," reported the bank.
Russian media have already checked the data from a database. Six people responded and four of them confirmed that they had applied to the bank for a loan or were already its clients.