Anyone who wishes may, for 2,000 roubles (78 USD / 57 Euro) acquire access to “Russia’s Bank Credit Refusals and Stop Lists” database which holds 3 million records of late payment and non-payment of credit, as well as credit refusal. The leaks occurred in Russian Standard, Home Credit and Finance Bank, Rosbank, Finansbank, Impexbank and others. Moreover, the type of records for sale on this database indicate that the data can only have been stolen by insiders. According to InfoWatch experts, financial institutions now have all the necessary means available to them to root out any possibility of data leaks. Moreover, such an indifferent attitude to leaks and insiders by the Russian banks is like playing with fire. This sort of game is the way to play your way right into new, strict Central Bank regulations…
Russian banks are again embarrassed by the poor security of their clients’ private data and control of their internal staff. On this occasion, a database of the major Russian banks’ borrowers has appeared on the black market. It also contains details about private persons who have been refused credit, says the Russian business newspaper, Kommersant.
This is one of the biggest data leaks from Russian banks of all time. As usual, the sellers gave their wares a simple and unambiguous title: “Russia’s Bank Credit Refusals and Stop Lists”.
The database contains the borrower’s name, telephone number, home address, place of work and reason for entry into the database – whether for late payment of credit, refusal of credit, or some other compromising factor (such as legal proceedings against the applicant). The source bank which provided the details is also shown. Ten Russian banks contributed to the database, including: Russian Standard, Home Credit and Finance Bank, Rosbank, Finansbank, and Impexbank – in other words, the major players on the consumer credit market. What’s more, the presence of information in the dataset relating to credit refusal – in the opinion of experts – indicates the source of the leaks: The banks’ own security services.
Of course, this is not the first leak of a private database from Russian banks this year. The InfoWatch analytical center has already looked at a data leak of unprincipled borrowers of the First Mutual Credit Bank and the database of Russians’ credit histories. Both private databases went on sale in August, 2006. What’s more, the black-market sellers back then dubbed their future sales item – as yet unreleased – the “anti-credit” database. As InfoWatch experts point out, the illegal traders have kept their word.
It is worth noting that the recent leak has resulted in an increase in the illegal banking information market of more than 500%. In August, the credit history database contained around 700,000 records and the First Mutual Credit Bank’s database around 3,000. But now, approximately 4 million records are held. In the opinion of market participants, the illegal market in credit histories will soon be greater than the legal one, and according to the Bank of Russia, 23 Russian credit history agencies have, over two years, managed to collect 10 million borrowers’ records.
According to Kommersant, market participants are in no doubt as to the source of this leak of confidential banking information. The database must have been put together by the security services of the banks themselves since the database contains details not only of late credit payment, but also of refusal of bank credit. Such information is only available to a bank’s security service or IT department. Market participants also see more such leaks happening in the future. Many bankers suggest that such databases represent an attempt at unfair competition between the banks themselves.
Denis Zenkin, InfoWatch’s Marketing Director said, “It’s clear that, today, the level of defence against insiders and information leaks impacts directly on banks’ competitiveness. What’s more, I fail to understand those banks which permit data leaks to occur. In the first place, full-spectrum solutions for identifying and preventing leaks have existed for some time and are used by market leaders. And in the second, the Bank of Russia produced its Standard of IT Security more than two years ago. All that is required is to implement this standard in a company. But some market participants demonstrate total indifference to the issue of protecting data from leaks. I think this may provoke regulators to make their Standard compulsory, and all such preconditions for them doing so are in place.”
Source: Kommersant