PAO Sberbank of Russia completed an investigation into a recent credit card data leak affecting 200 of its clients and found the person responsible for the breach, Russia's largest lender said Oct. 5.
The investigation, carried out with the assistance of local law enforcement agencies, showed the culprit headed a division at one of Sberbank's units and had access to its databases. The employee has confessed to the crime and police have begun procedural actions, according to Sberbank's statement.
The lender said there is no threat of further data leakage other than the 200 credit cards that were reported as compromised and that clients' funds were safe at all times.
Kommersant reported Oct. 3 that personal details of Sberbank's 60 million active and closed credit card holders were put up for sale on the black market, with the data leak potentially being the biggest to date in the Russian banking sector. Sberbank currently has about 18 million active cards.
An unnamed seller was reportedly selling the information at a rate of 5 Russian rubles per data entry, Kommersant noted. DeviceLock, a cybersecurity company that alerted the newspaper about the data breach, said it was the largest and most detailed banking database the company ever found on the Russian online black market.
As of Oct. 4, US$1 was equivalent to 64.62 Russian rubles.
