Hacker Selling 40 Million Ukrainian Bank Customer Records

  • Someone is selling millions of records on hacker forums, affecting the entire Ukrainian population.
  • The most prominent offering is a database that allegedly belongs to ‘PrivatBank,’ Ukraine’s largest bank.
  • The particular financial institute has had a very troublesome modern history, particularly in regards to cybersecurity.

The largest bank in Ukraine, ‘PrivatBank,’ has had an undisclosed data breach in the recent past, as the sensitive information of a large number of its clients has appeared on popular hacker forums in the form of a purchasable package. The database contains over 40 million records of the bank’s clients, exposing them to phishing, scamming, identity theft, bank fraud, and generally a wide range of exploitation potential.

More specifically, the seller advertises the following details:

  • Full name
  • Date of birth (DOB)
  • Taxpayer identification number (TIN)
  • Place of birth
  • Passport details, including passport number, issue date, issuing department, etc.
  • Family status
  • Car availability
  • Viber contacts, if available
  • Education
  • Mobile phone number

Considering that the entire population of Ukraine is 44 million, a significant portion of these records must be duplicates. Another possible explanation is that the bank serves foreigners too, but the seller isn’t mentioning anything like that, and it’s not very probable.

It is noteworthy that the same seller is also offering 93 million data of Mexican citizens (full names, DoBs, addresses), 10 million Ukrainian Vodafone subscriber details, Kyivstar and Lifecell data (13 million and 3 million respectively), Ukrainian and Russian car database (traffic police), 1 million Nova Poshta data, and 7.5 million Ukrainian passports. These, however, are separate offerings sold individually.

Source: KELA

The price tag for the database was set to about $3,400 in Bitcoin, and the number of purchases is unknown. Researchers at CyberNews who checked the provided address confirm that it’s empty. Still, the seller may be using a new address after each sale to maximize their chances of getting to keep at least part of that money, even if some of the addresses get reported.

PrivatBank has had a troublesome past when it comes to cybersecurity, so the data that’s offered for sale right now could be just a repackaging of older leaks. In 2018, it was revealed that the financial institution had fallen victim to a large-scale ten-year fraud that resulted in them losing $5.5 billion.

In 2016, hackers stole $10 million from the bank by exploiting a loophole in the SWIFT system. And in 2014, Russian hackers of the “CyberBerkut” group stole client data and published it on the ‘Vkontakte’ social media platform.

REVIEW OVERVIEW

Latest

Chinese State-Supported Actors Target India’s Power Grid

Chinese hackers are systematically targeting key power grid units in India, creating disruption when needed.The hackers have been engaging in this activity...

More iPhone 13 Rumors Claim the Existence of 1TB Storage Option

The iPhone 13 is rumored to offer a 1TB storage option on the top of the range.Moreover, the new generation will feature...

‘RuTracker’ Crowdfunds the Seeding of Old and Rare Torrents

Torrent tracking platform ‘RuTracker’ is crowdfunding the expansion of its seeding storage.The site wants to support older, rare, and generally hard-to-find torrents...