Hacker Selling 40 Million Ukrainian Bank Customer Records

  • Someone is selling millions of records on hacker forums, affecting the entire Ukrainian population.
  • The most prominent offering is a database that allegedly belongs to ‘PrivatBank,’ Ukraine’s largest bank.
  • The particular financial institute has had a very troublesome modern history, particularly in regards to cybersecurity.

The largest bank in Ukraine, ‘PrivatBank,’ has had an undisclosed data breach in the recent past, as the sensitive information of a large number of its clients has appeared on popular hacker forums in the form of a purchasable package. The database contains over 40 million records of the bank’s clients, exposing them to phishing, scamming, identity theft, bank fraud, and generally a wide range of exploitation potential.

More specifically, the seller advertises the following details:

  • Full name
  • Date of birth (DOB)
  • Taxpayer identification number (TIN)
  • Place of birth
  • Passport details, including passport number, issue date, issuing department, etc.
  • Family status
  • Car availability
  • Viber contacts, if available
  • Education
  • Mobile phone number

Considering that the entire population of Ukraine is 44 million, a significant portion of these records must be duplicates. Another possible explanation is that the bank serves foreigners too, but the seller isn’t mentioning anything like that, and it’s not very probable.

It is noteworthy that the same seller is also offering 93 million data of Mexican citizens (full names, DoBs, addresses), 10 million Ukrainian Vodafone subscriber details, Kyivstar and Lifecell data (13 million and 3 million respectively), Ukrainian and Russian car database (traffic police), 1 million Nova Poshta data, and 7.5 million Ukrainian passports. These, however, are separate offerings sold individually.

Source: KELA

The price tag for the database was set to about $3,400 in Bitcoin, and the number of purchases is unknown. Researchers at CyberNews who checked the provided address confirm that it’s empty. Still, the seller may be using a new address after each sale to maximize their chances of getting to keep at least part of that money, even if some of the addresses get reported.

PrivatBank has had a troublesome past when it comes to cybersecurity, so the data that’s offered for sale right now could be just a repackaging of older leaks. In 2018, it was revealed that the financial institution had fallen victim to a large-scale ten-year fraud that resulted in them losing $5.5 billion.

In 2016, hackers stole $10 million from the bank by exploiting a loophole in the SWIFT system. And in 2014, Russian hackers of the “CyberBerkut” group stole client data and published it on the ‘Vkontakte’ social media platform.

Latest
How to Watch European Athletics Championships 2022 Online From Anywhere
The Athletics action is about to get underway at the 2022 European Championships, and we cannot wait to watch our favorite track...
How to Watch Legacy: The True Story of the LA Lakers Online From Anywhere
A new documentary series featuring LeBron James, Shaquille O'Neal, Magic Johnson, and more will soon premiere, and we're excited to watch it...
How to Watch Sky High Club: Scotland and Beyond Online From Anywhere
The show that tells the stories of the young crew members of the UK's largest regional airline will premiere soon, and we...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari
[class^="wpforms-"]
[class^="wpforms-"]
[class^="wpforms-"]
[class^="wpforms-"]