A database of 3,000 people who fail to keep up their credit repayments has gone on sale in Russia. There is every reason to believe that a fuller version of the database will appear in the near future with information on 3 million people. Experts at InfoWatch stress that if the country’s commercial banks continue to be so lax about their client confidentiality, they could see a drastic reduction in their customer base.
The Russian newspaper Kommersant has reported the leak of a database of people who have failed to keep up with payments on loans taken out from the 1st OBK bank in 2002 and 2003. Information on private clients who repay their loans to Rosbank following a merger between the two banks can be bought on the black market for 900 rubles or about $35. It appears that Rosbank may have fallen victim to the unprincipled activities of OBK’s now defunct security service.
A journalist at the newspaper managed to buy a copy of the database near a Moscow electronics market. Unlike another database that went on sale in mid-August, the latest disk only contains records on about 3,000 people. The new database contains the names of people who have failed to keep up with payments on loans taken out from 1st OVK in 2002 and 2003, their home and mobile telephone numbers and, in some cases, passport details and home addresses. Next to each name there is a note stating when and why the person was placed on a credit blacklist. Specialists suggest that the leak occurred during the merger with Rosbank in mid-2003 because the database was put together by OVK’s security service in the months leading up to the change in structure.
The journalist contacted some of the people whose names appear on the database and they confirmed that they had indeed taken out loans from 1st OVK bank on the dates given. Officials at Rosbank have refused to comment, stating that it is “necessary first to analyze the database and verify the authenticity of the information”. A source at the bank said that not all the employees were happy about the merger decision and that during the amalgamation process “a leak of information could have been a form of retribution”.
Market observers have described the appearance of such databases on the black market as catastrophic for a bank’s reputation. Some bankers pointed out that a number of organizations involved in the consumer credit market would be very interested in the information on the database. Although purchasing the database may not be very ethical, it could help many banks to improve the effectiveness of their work.
According to the person who sold the database to the journalist, another 700 Mb database called “Anticredit” containing 3 million records is due to go on sale later in September. The smaller version currently on sale was described as merely being a promotional version.
“Russian banks should have dealt with the problem of data leaks long ago. How many times can the same type of theft be repeated? Russian businesses should follow the example of the country’s regulators – the Central Bank has patched up all its holes and today it is considered to be one of the safest organizations in terms of preventing leaks. The Central Bank has also set a course for others to follow by publishing a standard on IT security. If commercial banks continue to ignore the problems of data breaches, they will end up with less and less customers,” says Denis Zenkin, marketing director at InfoWatch.
Source: Kommersant