What is the issue?
Three major private banks in Russia, OTP Bank, Alfa Bank, and HCF Bank had its customer data leaked online.
OTP Bank data leak
A publicly available database listed as OTP Bank contained personal data of almost 800,000 clients including names, phone numbers, addresses, approved credit limit, work notes on how the contact with the client was passed. The information in the database dated back to 2013.
“There is no information leakage recorded in our bank, and the origin of this database is unknown to us,” OTP Bank said, Kommersant reported.
HCF Bank data leak
Another unsecured database that contained data of HCF bank held almost 24,400 customers’ personal information including names, passport details, phone numbers, addresses, and credit limit.
“The origin of the data in the specified file is unknown to the bank, but we will take steps to establish it,” HCF bank said.
Alfa Bank data leak
DeviceLock uncovered two databases that contain customer data of Alfa Bank.
The information in the first database dated back to 2014-2015, while the second database included recent information with entries between 2018 and 2019. The addresses of customers in the first database hinted that all customers live in the Northwestern Federal District working in either private companies, the Federal Security Service, or the Ministry of Internal Affairs.
Ashot Oganesyan, Founder of DeviceLock, noted that the Alfa Bank database might have leaked in 2014 when the bank executed mass layoffs of its IT staff. Some disgruntled IT insiders could have stolen the database and dumped them online.