Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Financial Data Breach. Show all posts

How to Prevent a Ransomware Attack and Secure Your Business

 

In today’s world, the threat of cyberattacks is an ever-present concern for businesses of all sizes. The scenario of receiving a call at 4 a.m. informing you that your company has been hit by a ransomware attack is no longer a mere fiction; it’s a reality that has affected several major companies globally. In one such instance, Norsk Hydro, a leading aluminum and renewable energy company, suffered a devastating ransomware attack in 2019, costing the company an estimated $70 million. This incident highlights the vulnerabilities companies face in the digital age and the immense financial and reputational toll a cyberattack can cause. 

Ransomware attacks typically involve hackers encrypting sensitive company data and demanding a hefty sum in exchange for decryption keys. Norsk Hydro chose not to pay the ransom, opting instead to rebuild their systems from scratch. Although this route avoided funding cybercriminals, it proved costly in both time and resources. The question remains, what can be done to prevent such attacks from occurring in the first place? The key to preventing ransomware and other cyber threats lies in building a robust security infrastructure. First and foremost, organizations should implement strict role-based access controls. By defining specific roles for employees and limiting access to sensitive systems based on their responsibilities, businesses can reduce the attack surface. 

For example, financial analysts should not have access to software development repositories, and developers shouldn’t be able to access the HR systems. This limits the number of users who can inadvertently expose critical systems to threats. When employees change roles or leave the company, it’s essential to adjust their access rights to prevent potential exploitation. Additionally, organizations should periodically ask employees whether they still require access to certain systems. If access hasn’t been used for a prolonged period, it should be removed, reducing the risk of attack. Another critical aspect of cybersecurity is the implementation of a zero-trust model. A zero-trust security approach assumes that no one, whether inside or outside the organization, should be trusted by default. 

Every request, whether it comes from a device on the corporate network or a remote one, must be verified. This means using tools like single sign-on (SSO) to authenticate users, as well as device management systems to assess the security of devices trying to access company resources. By making trust contingent on verification, companies can significantly mitigate the chances of a successful attack. Moreover, adopting a zero-trust strategy requires monitoring and controlling which applications employees can run on their devices. Unauthorized software, such as penetration testing tools like Metasploit, should be restricted to only those employees whose roles require them. 

This practice not only improves security but also ensures that employees are using the tools necessary for their tasks, without unnecessary exposure to cyber risks. Finally, no security strategy is complete without regular fire drills and incident response exercises. Preparing for the worst-case scenario means having well-documented procedures and ensuring that every employee knows their role during a crisis. Panic and confusion can worsen the impact of an attack, so rehearsing responses and creating a calm, effective plan can make all the difference. 

 Preventing cyberattacks requires a combination of technical measures, strategic planning, and a proactive security mindset across the entire organization. Business leaders must prioritize cybersecurity just as they would profitability, growth, and other business metrics. By doing so, they will not only protect their data but also ensure a safer future for their company, employees, and customers. The impact of a well-prepared security system is immeasurable and could be the difference between an incident being a minor inconvenience or a catastrophic event.

Wise and Evolve Data Breach Highlights Risks of Third-Party Partnerships

 

Wise, a prominent financial technology company, recently disclosed a data breach impacting some customer accounts due to a ransomware attack on their former partner, Evolve Bank & Trust. The breach has raised significant concerns about the security of third-party partnerships, especially in financial services. From 2020 to 2023, Wise partnered with Evolve to provide USD account details for their customers. Last week, Evolve confirmed an attack attributed to the notorious ransomware group LockBit. 

The group leaked the data after the bank refused to pay the ransom. The breach underscores the precarious nature of relying on third-party companies for critical services and trusting their security measures. Evolve has not yet confirmed the specific personal information leaked. However, Wise has taken a transparent approach, confirming that the shared information included names, addresses, dates of birth, contact details, Social Security numbers (SSNs) or Employer Identification Numbers (EINs) for U.S. customers, and other identity document numbers for non-U.S. customers. 

Evolve’s initial investigation suggests that names, SSNs, bank account numbers, and contact information for most of their personal banking customers, as well as customers of their Open Banking partners, were affected. In response to the breach, Wise assured its customers that they no longer work with Evolve Bank & Trust. Currently, USD account details are provided by a different bank, emphasizing their commitment to security and customer trust. 

Wise has implemented additional security protocols and is collaborating with cybersecurity experts to understand the breach’s scope and fortify their defenses. Wise has proactively communicated with its customers, recommending precautionary steps such as changing passwords, enabling two-factor authentication, and monitoring account activity for any suspicious transactions. They have also provided resources and support to help customers protect their information. The breach has heightened concerns among customers regarding the security of their personal and financial information. 

Despite the challenges posed by the breach, Wise’s proactive approach and transparent communication have helped reassure customers. The company continues to work closely with cybersecurity experts to enhance their defenses and prevent future incidents. As the investigation progresses, Wise is determined to provide regular updates and support to affected customers. Their dedication to transparency and user security remains unwavering, ensuring that they take every step necessary to safeguard their users’ information and maintain their trust. 

This incident highlights the growing threat of cyberattacks on financial institutions and the critical need for robust security measures. Customers are reminded to stay alert and take proactive steps to protect their online accounts. Wise’s efforts to address the breach and protect their users underscore their commitment to maintaining trust and security for their customers.

The Latest Prudential Financial Data Breach Exposes Vulnerabilities

 

Prudential Financial, a global financial giant managing trillions in assets, recently revealed a cybersecurity breach, putting employee and contractor data at risk. The incident, identified on February 5, highlighted the vulnerabilities in even the most robust financial institutions' cybersecurity defenses. 

Prudential Financial, a Fortune 500 company providing a spectrum of financial services to over 50 million customers globally, reported that a threat actor gained unauthorized access to some of its systems. The breach, detailed in a Form 8-K filing, exposed the severity of the incident, as the attackers managed to steal administrative and user data stored on compromised systems, including user accounts linked to employees and contractors. 

The company, managing assets worth approximately $1.4 trillion, activated its cybersecurity incident response process promptly. External cybersecurity experts were enlisted to investigate, contain, and remediate the breach. Despite these efforts, Prudential Financial did not disclose the number of employees affected among its 40,000-strong global workforce. The nature of the attack suggests a cybercrime group's involvement, potentially indicating a ransomware attack. Prudential Financial assured stakeholders that it is actively investigating the extent of the incident, aiming to determine if the threat actor accessed additional information or systems. 

The company is committed to understanding the full impact of the breach on its operations. Prudential Financial emphasized that, as of now, there is no evidence of customer or client data theft. This assertion is a relief for the millions of customers who rely on the company for insurance, retirement planning, and wealth management services. The incident has been reported to law enforcement and regulatory authorities, showcasing the company's commitment to transparency and cooperation in addressing the cyber threat. 

However, this is not the first time Prudential Financial faced a data breach. In May 2023, a further complication arose when personal information for over 320,000 Prudential customers, managed by third-party vendor Pension Benefit Information (PBI), became vulnerable. The breach was attributed to the Clop cybercrime group infiltrating PBI's MOVEit Transfer file-sharing platform. PBI, in their communication about the incident, specified that compromised data on their server included sensitive information such as names, addresses, dates of birth, phone numbers, and Social Security numbers. 

This prior breach adds a layer of complexity to the recent cybersecurity incident, prompting concerns about the overall resilience of Prudential Financial's data security infrastructure. The dual incidents underscore the evolving and persistent threats financial institutions face in the digital age. The intricacies of these breaches pose challenges not only in immediate response but also in understanding the long-term consequences on customer trust, regulatory compliance, and the overall stability of the financial services provider. 

As Prudential Financial navigates the aftermath of the recent breach, the focus on cybersecurity resilience becomes paramount. The company must reassess and fortify its security protocols to withstand evolving cyber threats. Beyond addressing the immediate vulnerabilities, Prudential Financial needs to instil confidence in its customers, employees, and stakeholders by showcasing a renewed commitment to data protection and proactive cybersecurity measures. 

The Prudential Financial Data Breach serves as a cautionary tale for financial institutions worldwide. The incident highlights the ongoing challenges in safeguarding sensitive data and underscores the critical need for continuous improvement in cybersecurity strategies. As the financial industry grapples with evolving cyber threats, institutions like Prudential Financial must not only respond effectively to breaches but also proactively invest in robust cybersecurity measures to protect their assets, reputation, and the trust of millions of customers.

Bank of America's Security Response: Mitigating Risks After Vendor Data Breach

 

In a concerning development, Bank of America has informed its customers about a possible data breach stemming from a security incident involving one of its vendors. This incident raises questions about the security of sensitive customer information, underscoring the ongoing challenges faced by financial institutions in defending against cyber threats. The breach notification from Bank of America underscores the importance of transparency and timely communication in response to data security incidents. 

The bank assures customers that it is actively addressing the situation and taking necessary measures to mitigate potential risks. This incident serves as a reminder of the dynamic threat landscape, where even robust security measures may not always be sufficient to prevent unauthorized access to sensitive data. While specific details about the vendor hack remain limited, the incident highlights the interconnected nature of the modern financial ecosystem. Financial institutions often rely on a network of vendors and third-party service providers to streamline operations and enhance services. 

However, this interconnectedness also introduces potential vulnerabilities, as cybercriminals may target less secure entry points to gain access to valuable financial data. Bank of America's proactive approach in promptly notifying customers is commendable, enabling individuals to take necessary precautions such as monitoring accounts for suspicious activity and updating passwords. The incident prompts a broader conversation about the need for continuous vigilance by both financial institutions and customers in the face of an ever-evolving cyber threat landscape. 

The bank assures that they are collaborating closely with law enforcement agencies and cybersecurity experts to investigate the extent of the breach and identify the perpetrators. Such collaborative efforts are crucial in the aftermath of a data breach, enhancing the understanding of attack vectors employed by cybercriminals and informing strategies to fortify future defenses. In response to the breach, customers are advised to remain vigilant for phishing attempts and fraudulent activities. 

Cybercriminals often exploit data breaches to launch targeted phishing attacks, attempting to trick individuals into divulging sensitive information or installing malware. Heightened awareness and skepticism regarding unsolicited communications can prevent additional security compromises. Financial institutions grapple with the growing sophistication of cyber threats, requiring a comprehensive and adaptive approach to cybersecurity. This includes robust technical defenses, ongoing employee training, regular security assessments, and a commitment to staying abreast of emerging threats. 

The incident involving Bank of America underscores the necessity for the financial industry to continually reassess and enhance its cybersecurity posture. As the investigation unfolds, the financial and cybersecurity communities will closely monitor the aftermath of the Bank of America data breach. The incident underscores the importance of not only responding promptly to security incidents but also learning from them to fortify defenses for the future. The interconnected nature of the financial sector demands a collective and proactive effort to address vulnerabilities and ensure the security and trust of customers. 

The Bank of America data breach serves as a stark reminder of the persistent and evolving nature of cyber threats faced by financial institutions. It emphasizes the importance of transparency, collaboration, and ongoing efforts to strengthen cybersecurity measures. As the financial industry navigates the complex landscape of digital risks, a collective commitment to cybersecurity remains essential to safeguard the integrity of the financial system and protect the sensitive information of customers.

North Korean Hackers Swipe $200M in 2023 Crypto Heists

North Korean hackers had been effective in fleeing with an incredible $200 million in various cryptocurrencies in the year 2023 in a series of clever cyber heists. North Korea's alarming increase in crypto thefts has not only put the whole cybersecurity world on high alert, but it has also highlighted the country's increasing skill in the field of cybercrime.

Several cyberattacks targeting important cryptocurrency exchanges, wallets, and other digital platforms were conducted by North Korean cybercriminals, according to reports from reliable sources, a blockchain intelligence business.

The hackers' tactics are reported to be highly advanced, indicating a deep understanding of the cryptocurrency landscape and an evolving sophistication in their methods. Their operations have been linked to funding the North Korean regime's activities, including its missile development programs, which add a geopolitical dimension to these digital attacks.

Digital space has unavoidably been affected by the continued tension surrounding North Korea's actions on the international scene. The nation has apparently mastered cybercrime, allowing it to take advantage of holes in different encryption schemes. Strong countermeasures are needed for this new type of criminal conduct in order to safeguard both the interests of individual cryptocurrency holders and the integrity of the entire digital financial system.

Crypto exchanges and related platforms are under increasing pressure to improve their security protocols, implementing cutting-edge technologies like multi-factor authentication, biometric identification, and enhanced encryption to protect customer assets. To create a unified front against these cyber dangers, collaborations between government agencies and business sector cybersecurity professionals are essential.

As these attacks underscore the pressing need for global cybersecurity cooperation, governments, and international organizations should consider initiatives that promote information sharing, threat intelligence dissemination, and coordinated responses to cyber threats. This should ideally be coupled with diplomatic efforts to address the underlying issues that fuel such illicit activities.

The North Korean crypto heists also emphasize the significance of individual user vigilance. Cryptocurrency holders should adopt a proactive stance on security, utilizing hardware wallets, regularly updating software, and staying informed about potential threats. Additionally, employing a healthy level of skepticism towards unsolicited messages and emails can thwart phishing attempts that often serve as entry points for hackers.

Hackers Trick Victims into Downloading BitRAT Malware

 

A brand new malware campaign has been discovered which is using important data stolen from a Colombian bank as a lure in phishing emails to drop a remote access trojan called BitRAT. 

As of now, it is being reported that the unknown figure has hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure customers into opening file attachments. 

A recent attack was discovered by cybersecurity firm Qualys, which found evidence of a database dump comprising 418,777 records that have been obtained by exploiting SQL injection faults. 

The information that has been leaked includes Cédula numbers (a national identity document issued to Colombian citizens), phone numbers, customer names, email addresses, payment records, addresses, and salary details. 

The Excel file, which contains the exfiltrated bank information, also embeds within it a macro that's used to download a second-stage DLL payload, which is configured to retrieve and install BitRAT in the system of the victim. 

"It uses the WinHTTP library to download BitRAT embedded payloads from GitHub to the %temp% directory," Qualys researcher Akshat Pradhan reported. 

Furthermore, he added that "Commercial off-the-shelf RATs have been evolving their methodology to spread and infect their victims. They have also increased the usage of legitimate infrastructures to host their payloads and defenders need to account for it." 

BitRAT is a malicious program, which is known as a Remote Access Trojan (RAT). Hackers and a group of hackers use this Malware to get remote access and control over an infected system and network. 

Furthermore, studies found that RATs have advanced technologically driven functionality. However, BitRAT is not considered the most sophisticated malware if we compare it to other malware software that are present today, nevertheless, it is highly dangerous. Therefore, BitRAT infections must be curved immediately after its detection in the system.

It is a matter of concern since worldwide financial institutions are being targeted every day. Recently, the Dutch mobile security company identified a network of phishing websites targeting Italian online-banking users to get hold of their contact details. 

E-Bike Phishing Sites Abuse Google Ads to Push Scams

 

A large-scale phishing campaign making headlines involving over 200 scam sites that are deceiving users into providing their sensitive data to the fake investments schemes impersonating genuine brands.
Following the news, two cyber security analysts Ankit Dobhal and Aryan Singh have stated in their research that this phishing campaign has caused financial damages of up to $1,000,000, coming from tens of thousands of victims. 

The fraudulent operation was discovered by the Singaporean security firm CloudSEK, which has shared its report with media firms enunciating that this phishing campaign apparently victimized the Indian audiences through Google Ads and SEO by drawing them to hundreds of fake websites. 

The Indian government has recently launched favorable policies to uplift the growth of the country's electric vehicle sector. According to the Indian analysis reports, before the end of this decade, these new policies will bring a growth of 90% (CAGR) for the Indian EV sector, making it a $200 billion sector. The Country is already experiencing a boost in this sector, over 400 EV start-ups have already taken place while existing automotive companies are also promoting their operations in the EV sector. 

Because of the boom in this industry, the group of Cyber threat actors victimized people with an explosion of websites attempting to exploit victims with fake information. The malicious actors ensure a steady influx of potential victims by abusing Google Ads, stuffing their phony sites with keywords, and impersonating popular companies such as Revolt and Ather. 

It has been noticed in many cases that the threat actors simply copy the content, layout, style, and all images of the genuine sites and create clones. Furthermore, in other cases, the scammers make entirely fictional marketplaces using generic words like "ebike". 

When users login into the websites, the scammers instruct them to enter their full address including their names, email addresses, contact numbers, to register on the platforms. After the registration, the scammers ask them to pay the required fee to become an EV dealer or purchase a product on the site.

Top-Ranking Banking Trojan Ramnit Stealing Payment Card Data

 


Online Shopping has become increasingly popular these days, and it has accelerated since the COVID-19 pandemic the trend eventually exacerbated the cybersecurity threat. Online shopping has undeniable advantages, but still, it makes negative headlines every day. 

According to the sources, online sales increased 9% during the 2021 holiday season to a record $204.5 billion. Mastercard said that the shopping rose up to 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. 

IBM X-Force researchers said that the threat actors are not missing pandemic trends opportunities primarily the Ramnit Trojan. Recently a study has discovered that the Ramnit Trojan is brutally taking over people’s online accounts and stealing their payment card data. 

The Ramnit malware has targeted a long list of popular brands and online retailers such as travel and lodging platforms. The IBM X-Force researchers further said that they have noticed a diverse collection of Ramnit configuration files over the years. Not only was Ramnit at the top of the list of active banking Trojan in 2021, but the malware has also been a cybercrime tool for over a decade. 

The group continues to victimize the people and service providers, primarily, when it is the holiday season. Once it makes its way to an infected device, it monitors browsing to target websites and goes into information stealing mode. It typically steals login data, but its web injections can also trick users into providing payment card credentials or other sensitive information. 

Between 2011 and 2014, the Ramnit Trojan gained momentum in the cybercrime arena, ranking in the top 10 list of the most prevalent financial Trojan. The malware is active since 2010. Ramnit is designed to leverage removable drives and network shares, user credentials, and deploys in session web injections. This malware infection was rampant in North America, Europe, and Australia.

Shipping Giant Forward Air Reports Ransomware Data Breach

 

Forward Air, a shipping company, has revealed a data breach as a result of a ransomware attack that enabled threat actors to acquire employees' personal information.

Forward Air was struck with a ransomware attack in December 2020 by what was thought to be a new cybercrime group known as Hades. Forward Air's network was shut down as a consequence of the assault, causing commercial interruption and the inability to release freight for transport. 

Forward Air stated in an SEC filing that it lost $7.5 million of less than load (LTL) freight revenue mainly due to the Company's requirement to momentarily halt its electronic data interfaces with its clients. 

Researchers later discovered that this assault was most likely carried out by members of the Evil Corp cybercrime group, who frequently carry out operations under different ransomware identities, such as Hades, to avoid US penalties. 

Multiple Forward Air workers contacted BleepingComputer at the time, concerned that the hack had revealed their personal information. As part of the attack, the threat actors built up a Twitter account that they stated would be utilized to leak Forward Air data. However, no data was ever found to be released by threat actors. 

After almost a year, Forward Air has revealed that the current and ransomware attacks exposed the data of previous workers. 

A data breach notification sent to Forward Air employees stated, "On December 15, 2020, Forward Air learned of suspicious activity occurring within certain company computer systems. Forward Air immediately launched an investigation to determine the nature and scope of the incident." 

"The investigation determined that certain Forward Air systems were accessible in November and early December 2020 and that certain data, which may have included your personal information, was potentially viewed or taken by an unknown actor." 

Employee names, addresses, dates of birth, Social Security numbers, driver's licence numbers, passport numbers, and bank account numbers are among the data that the Evil Corp threat actors may have obtained. 

While Forward Air claims there is no evidence that the data was misused, they are providing impacted individuals with a complimentary one-year membership to the myTrueIdentity credit monitoring service. 

Since there is no way to detect if a threat actor utilised stolen data, even if they promise not to after receiving a ransom payment, all impacted workers should presume that their data has been compromised. This implies that individuals should keep track of their credit reports, bank records, and other financial information.

Wawa Paying $9 Million in Cash, Gift Cards in Data Breach Settlement


The Wawa convenience store chain is paying out up to $9 million in cash and gift cards to customers who were affected by a previous data breach, as reimbursements for their loss and inconvenience. 

The affected customers can request gift cards or cash that Wawa is paying out to settle a lawsuit over the security incident. Here's everything you need to learn about the proposed class action settlement – who's eligible, how to submit a claim for cash or a gift card, and how to object to the deal. 

Customers who used their payments cards at any Wawa store or gas pump during the data breach, but were not impacted by the fraud, qualifies to receive a $5 gift card, as compensation. These claimants are referred to as 'Tier One Claimants'. 

However, the claimants will be required to submit proof of the purchase they conducted at a Wawa store or fuel pump between March 04, 2019, and December 12, 2019 – when the data breach occurred – in order to claim the gift card. Customers would essentially be required to provide proof of the transaction date, preferably a store receipt of a statement by the bank, or a screenshot from the concerned bank or credit card company website or app. 

The next category of claimants, referred to as 'Tier Two Claimants' could receive a gift card worth $15 if they show reasonable proof of an actual or attempted fraudulent charge on their debit or credit card post-transaction. 

The last category of claimants, referred to as 'Tier Three Claimants' qualify to receive a cash reimbursement of upto $500, if they provide reasonably documented proof of money they spent in connection with the actual or attempted fraudulent transaction on their payment card. It must be reasonably attributed to the data breach incident. 

During the 9 month span of the data breach, around 22 million class members made a financial transaction at one of the Wawa stores. Customers have been given a deadline of November 29, 2021, to submit a claim for recompensation. By doing so, they are giving up their right to sue Wawa over the 2019 security incident. 

Those who wish to retain their right to sue the company over the security incident and do not wish to receive the payment will be required to exclude themselves from the class. The deadline given for the same is November 12, 2021. 
 

What is this settlement for?


In 2019, the Wawa convenience store chain experienced a data breach wherein cybercriminals hacked their point-of-sale systems to install malware and steal customers' card info. As the fraud impacted Wawa's 850 locations along the East Coast, the U.S based convenience store company found itself buried in a series of lawsuits. One of which – filed by the law firm Chimicles Schwartz Kriner & Donaldson-Smith, of Haverford – claimed that the data breach “was the inevitable result of Wawa's inadequate data security measures and cavalier approach to data security.”

The massive data breach that lasted for nine months,
affected in-store payments and payments at fuel pumps, including “credit and debit card numbers, expiration dates, and cardholder names on payment cards.” Meanwhile, hackers also attempted to sell the stolen financial data on the dark web. 

As a result, a police investigation was called in for and the organization also conducted an internal investigation by appointing a forensics firm for the same.

Sensitive Data of 7 Million Indian Cardholders Circulating On Dark Web


There is a rapid increase in the number of data breaches last year, jumping by 17%, which has become an increasingly serious issue. Recently, sensitive data of 7 million debit and credit cardholders has been circulating on the dark web.

The 2GB database included names, contact numbers, email addresses, Permanent Account Number, income details, and employers' firm.

As per the screenshots of the leaked data, the details were found on a public Google Drive document discovered by Rajshekhar Rajaharia, an Internet cybersecurity researcher who informed Inc42, warning that as the private data pertains to the finances, it is highly valuable and can potentially be used by malicious actors to develop phishing attacks.

The database that also included the PAN numbers of around 5 lakh users, relates to the time period between 2010 and 2019 which could be of extreme significance to cybercriminals and scammers, per se. Although the card numbers were not available in the database, Rajaharia managed to verify the details for certain users including himself. He matched the LinkedIn profiles of the names mentioned in the list, and it proved to be accurate.

In a conversation with Suriya Prakash, Sr Security Researcher Cyber Security and Privacy Foundation Pte Ltd, Ehacking News attempted to understand the source of the breach: He said, "These usually don't originate at the bank level as they have secure environments. Regulators and banks often misunderstand this and spend crores securing infrastructure."

"The main source of data breaches are usually due to bank employees using their official emails to create accounts in third-party sites (social media etc). When these third parties get breached its causes issues for the bank. This can be simply avoided by putting in the SOP that employees should not use their official emails for other services, any usage should get written permission from the admin team. If this is strictly enforced majority of data breaches can be avoided."

"Also websites that collect payments like e-commerce sites should be brought user RBI regulations as they too might be causes of the breach," he concluded.

Credit histories of a million Russians were in the public domain


The microfinance company’s database with passport data, phone numbers and residential addresses was made publicly available.

Credit histories of more than 1 million Russians with data of mobile operators obtained from the Bureau of Credit Histories (BKI) were in the public domain since the end of August. Independent cybersecurity researcher Bob Dyachenko first discovered this data on October 10. According to him, he reported a problem to the BKI, after which the database was closed.

However, it is not known whether anyone had time to download the publicly available information. As Dyachenko noted, specialized search engines indexed it on August 28.

According to media reports, the database could belong to GreenMoney microfinance company, which gave the online loans. It contains passport data of borrowers, other documents, addresses of registration and actual place of residence, phone numbers, information about loans.

GreenMoney CEO Andrei Lutsyk said that an audit is being carried out on what happened. According to him, the company complies with all requirements for the storage and processing of personal data provided by law.

Information security expert Vitaliy Vekhov noted that any leak of personal data carries risks for its owners. In this case, he believes, it is important to understand exactly what information appeared on the Internet.

"For example, passport data alone do not carry anything. According to a photocopy of the passport, as you know, nothing can be issued. If we are talking about the data of Bank cards, they can be used only if there is a CVV code, and it is not in the data of credit histories," the expert explained.

According to Vekhov, at the same time attackers can freely use any data with the help of certain resources.

It is interesting to note that the company GreenMoney in mid-September was deleted from the register of the Monetary Financial Institutions (MFIs) for numerous violations.

Hackers made Bank clients debtors - Large-scale data breach occurred in Russia



On June 8-9, Alfa-Bank was attacked for several hours, as a result of which the stolen funds appeared on the accounts of random customers of the credit institution.

Some clients of the Bank received amounts from 10 to 15 thousand rubles ($ 155-235). Many of them quickly spent this easy money.

However, immediately after the payment, Alfa-Bank clients were charged amounts two to three times more than the fraudsters sent. They formed an overdraft or a short-term loan.

Alfa-Bank solved the problem with hacking within a few hours, and clients of Bank are obliged to return the money that came from hackers in full amount. However, there were no official comments from Alfa-Bank.

Experts said that such a fraud can be done only with access to the Bank's system. Therefore, the security service is looking for fraud among its employees.

It is worth noting that on June 9, the Russian newspaper Kommersant reported the leakage of personal data of 900 thousand clients of Alfa-Bank, OTP Bank and Home Credit Bank in Russia. According to the published material, the names, phone numbers (mobile, home and work), address and place of works, passport data of almost 900 thousand Russians including 55 thousand customers of Alfa-Bank were publicly available on the Internet, as well as balances on the accounts of clients of Alfa-Bank limited to a range of 130-160 thousand rubles.

The company DevicеLock found the leaks. They occurred at the end of May, the data were collected a few years ago, but a significant part of the information is still relevant. Moreover, DeviceLock discovered two customer databases of Alfa-Bank: one contains data on more than 55 thousand customers from 2014-2015, the second contains 504 records from 2018-2019.

An interesting fact is that one of the databases of clients of Alfa-Bank contains data on about 500 employees of the Ministry of Internal Affairs and about 40 people from the FSB (the Federal Security Service).

The Press Service of Alfa Bank said that at the moment they are checking the accuracy and relevance of information.