The latest leak of confidential information from Russia's Central Bank has resulted in the bank's database of money transfers for the first quarter of 2005 going on sale. Two similar incidents took place in February and May of last year, but in October the Central Bank announced that it had plugged all the possible channels of leaks. Experts at InfoWatch stressed, however, that the database currently being sold on the black market could well have been stolen 5-6 months before the October announcement and that there were no grounds to doubt its validity.
The Russian business daily Vedomosti reported the unexpected news on Feb. 10, 2006, stating that not only had the newspaper's journalists received an offer to buy the database but had even talked to the sellers over the telephone. The report suggests that once again the Russian black market for confidential databases has something on offer from the country's Central Bank.
A similar incident took place in February 2005 when a Central Bank database went on sale containing information on payments made at the bank's cash settlement centers between April 2003 and September 2004. The incident caused widespread shock throughout Russian business circles because the stolen information provided perfect ammunition for unscrupulous business competitors. Even the Russian parliament, the State Duma, got involved, asking the prosecutor general to look into the leak of confidential information. The Central Bank itself carried out an internal investigation into the circumstances surrounding the breach. However, in May 2005 another Central Bank database appeared on the black market offering details of transactions for the fourth quarter of 2004. The information was sold in sets of three DVDs for just over $100. As well as the expected exasperation, the incident also aroused a significant amount of interest: the database contained details on the controversial sale of Yuganskneftegaz, the Yukos oil company's main extraction unit, at an enforced auction in late 2004. The Central Bank once again investigated, the prosecutor's office was forced into action by the State Duma, and the Federal Security Service (FSB) even got involved.
A watershed in the Central Bank's battle against the insiders responsible for selling the confidential databases came with the announcement on Oct. 25, 2005 by a senior security officer at the bank that they had plugged the channels through which the information had been leaking. The security expert failed, however, to reveal the source of the leaks.
There is every reason to believe that the Central Bank announcement made back in October 2005 still holds true because the latest leak involves information that was available 5-6 months prior to the assurances made by the bank's IT security expert.
“The [Russian] Central Bank is an extraordinarily large, complex and information-rich system. Guaranteeing control over all the confidential information in an organization like that is extremely difficult, and protecting sensitive data from insiders is even more difficult. Nevertheless, the IT security service at the Central Bank has not conceded defeat and is continuing to combat insiders, and, if the announcement made in October is anything to go by, the results can be considered a success. I think I echo the general opinion of Russia's business community when I say that I hope there will be no more leaks of important information from the Central Bank,” says Denis Zenkin, marketing director at InfoWatch.
