Media Reports New Sberbank Data Leak Involving Call Center Recordings

The publication “Kommersant” has reported another data leak at Sberbank. This time, a database containing not only the personal data of Sberbank clients but also recordings of their most recent conversations with the bank’s call center has appeared online. According to journalists, the database went up for sale on the dark web on October 13 of this year. One of the sellers claims to have a database of bank clients with loans or credit cards. The dump contains a million entries with full details (passport information, registration, residential addresses, phone numbers, account numbers, and outstanding balances or debts), collected from 2015 up to the present (in just three weeks in October, the database grew by 19,283 entries).

The information is being sold in any quantity, meaning buyers can specify criteria for their selection, such as region, card balance, or debt amount. The most unusual offering is the ability to obtain a recording of the client’s last call to the bank. The seller offers to provide this recording upon request.

Journalists contacted the seller and reviewed a sample fragment of the database, which contained data on clients who were overdue on their loans and credit cards. Based on the “TB” (territorial bank) column, the sample included data from ten of Sberbank’s eleven territorial banks. Some clients had multiple entries if they had several active loans. The “Date of Delinquency” and “Number of Days Overdue” columns indicate the data was extracted on September 25. According to the seller, audio recordings are extracted “from the workplace,” meaning during business hours. The seller admitted to being a reseller and sells each entry for 30 rubles. He claims the database is a list of debtors who have missed loan payments.

Sberbank’s press service denies any new data leak. “There have been no such leaks of clients’ personal data at Sberbank or its subsidiaries,” the bank stated.

“Kommersant” also quoted Ashot Oganesyan, founder and CTO of DeviceLock, who believes the dump could be real: “Given that the seller mentioned the possibility of obtaining call recordings, the data may have leaked from an external call center handling debtors,” Oganesyan suggested.

Journalists from “Izvestia” also purchased and examined a sample of the database, confirming its authenticity using the Sberbank Online app, where a recipient’s name, patronymic, and the first letter of their last name can be seen when transferring money by phone number. According to the publication, the dump contains information on 11,500 people who took out loans at Sberbank.

Background: Previous Sberbank Data Leak

Earlier in October, another Sberbank client data leak was reported. According to “Kommersant,” data on 60 million cards (both active and closed, as the bank currently has about 18 million active cards) was being sold on the black market. The bank acknowledged the leak but stated it affected only 5,000 people.

An internal investigation by Sberbank’s security service and law enforcement identified an employee born in 1991, a sector head in one of the bank’s business divisions, who had access to the databases as part of his job and attempted to steal client information for personal gain.