Hacker Selling 40 Million Ukrainian Bank Customer Records

  • Someone is selling millions of records on hacker forums, affecting the entire Ukrainian population.
  • The most prominent offering is a database that allegedly belongs to ‘PrivatBank,’ Ukraine’s largest bank.
  • The particular financial institute has had a very troublesome modern history, particularly in regards to cybersecurity.

The largest bank in Ukraine, ‘PrivatBank,’ has had an undisclosed data breach in the recent past, as the sensitive information of a large number of its clients has appeared on popular hacker forums in the form of a purchasable package. The database contains over 40 million records of the bank’s clients, exposing them to phishing, scamming, identity theft, bank fraud, and generally a wide range of exploitation potential.

More specifically, the seller advertises the following details:

  • Full name
  • Date of birth (DOB)
  • Taxpayer identification number (TIN)
  • Place of birth
  • Passport details, including passport number, issue date, issuing department, etc.
  • Family status
  • Car availability
  • Viber contacts, if available
  • Education
  • Mobile phone number

Considering that the entire population of Ukraine is 44 million, a significant portion of these records must be duplicates. Another possible explanation is that the bank serves foreigners too, but the seller isn’t mentioning anything like that, and it’s not very probable.

It is noteworthy that the same seller is also offering 93 million data of Mexican citizens (full names, DoBs, addresses), 10 million Ukrainian Vodafone subscriber details, Kyivstar and Lifecell data (13 million and 3 million respectively), Ukrainian and Russian car database (traffic police), 1 million Nova Poshta data, and 7.5 million Ukrainian passports. These, however, are separate offerings sold individually.

Source: KELA

The price tag for the database was set to about $3,400 in Bitcoin, and the number of purchases is unknown. Researchers at CyberNews who checked the provided address confirm that it’s empty. Still, the seller may be using a new address after each sale to maximize their chances of getting to keep at least part of that money, even if some of the addresses get reported.

PrivatBank has had a troublesome past when it comes to cybersecurity, so the data that’s offered for sale right now could be just a repackaging of older leaks. In 2018, it was revealed that the financial institution had fallen victim to a large-scale ten-year fraud that resulted in them losing $5.5 billion.

In 2016, hackers stole $10 million from the bank by exploiting a loophole in the SWIFT system. And in 2014, Russian hackers of the “CyberBerkut” group stole client data and published it on the ‘Vkontakte’ social media platform.

REVIEW OVERVIEW

Latest

Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari