We recently discovered that an unknown threat actor is offering Ukraine’s PrivatBank database for sale on a popular hacking forum. According to the post author, the database for sale contains 40 million entries. PrivatBank denies that the data is from their bank.
PrivatBank is the largest commercial bank in Ukraine. According to their website, PrivatBank’s net profit for 2020 was 25.3 billion UAH, which is around $910 million. The database is said to contain 40 million records of customers’:
- Full name
- Date of birth (DOB)
- Taxpayer identification number (TIN)
- Place of birth
- Passport details, including passport number, issue date, issuing department, etc.
- Family status
- Car availability
- Viber contacts, if available
- Mobile phone number
Use our personal data leak checker now to see if your email address has been exposed in previous leaks.
A PrivatBank representative told CyberNews that it does not confirm that the data is from PrivatBank. After an investigation, the bank determined that the data “was created by fraudsters who do not have and have never had access to personal data of any of the Ukrainian banks and institutions,” the PrivatBank representative told CyberNews. “Fraudsters use publicly available pooled resources and pass it off as a supposedly “secret” database.”
Ukraine has a population of 44 million, and the database’s 40 million records would cover 93% of the population. However, it isn’t clear whether these are unique records, and it would be unlikely that PrivatBank has records on 93% of Ukraine’s population (considering ages that wouldn’t have bank accounts). In 2016, when PrivatBank was nationalized, it reportedly had 20 million customers.
The PrivatBank representative further stated: “Since the beginning of 2017, the information security service of PrivatBank has not recorded a single fact of copying or transferring personal data from the bank’s customer base. Personal data of clients is protected by a multi-level security system and copying the database is technically impossible. We were pleasantly surprised that 40 million people were attributed to the number of the bank’s clients, but this figure exceeds the total number of adult population of the country.”
The post author seems to have a trusted status within the community, and is also selling passports, driver’s licenses, vehicle databases and other data from Ukraine, Russia and Mexico.
The post author provided two samples from the database for verification:
The post author is asking $3,400 in bitcoin for the database. When we looked at the bitcoin address provided, it appears that no one has purchased the database yet from that particular wallet. However, it is also possible that the post author is generating a new wallet for each sale, a process that can be done automatically.
PrivatBank’s past troubles
When it comes to cybersecurity, PrivatBank has had its fair share of problems.
In 2016, hackers reportedly stole $10 million from the bank through a loophole in the SWIFT international banking system. Before then, in 2014, the pro-Russian hacker group CyberBerkut claimed credit for hacking into the bank and mining customer data, and then publishing the data on the Russian social media platform VKontakte.
This was an apparent retaliation for a PrivatBank partner who offered a $10,000 bounty for capturing Russian-backed militants in Ukraine. Earlier in 2014, another group named Green Dragon claimed credit for a DDoS attack on PrivatBank, and claimed it accessed customer data during the attack.
In 2016, PrivatBank was nationalized “to protect deposits placed with this bank and rescue the financial system.” At that time, the bank reportedly had 20 million customers.
A 2018 report by a US corporate investigations company stated that “PrivatBank was subjected to a large scale and coordinated fraud over at least a ten-year period ending December 2016, which resulted in the Bank suffering a loss of at least USD 5.5 billion.”
How you should respond
The database contains very sensitive information that can be used for various purposes, including identity theft or phishing attacks at an unprecedented scale. This can be done by using the information included in this database alone, or by combining the data with past data breaches.
Because of this threat, PrivatBank customers are advised to:
- Check if their data has been leaked by using a service such as CyberNews’ personal data leak checker, which currently has more than 15 billion breached accounts.
- Set up identity theft monitoring to make sure that no loans, credit cards or other financial activities have been undertaken in your name.
- Change your passwords immediately and set up multi-factor authentication on important online accounts, as cybercriminals may use the leaked data in social engineering. It’s important to use a unique password for each account you create. Use a trusted password manager to help you with this, as it can create really strong passwords you don’t need to remember.
- Watch out for suspicious emails or phone calls, as they may be phishing attempts. Avoid clicking on links from suspicious emails, and practice caution with any claims or demands made via phone call.
Update February 13: The article has been updated to include the response from a PrivatBank representative denying that the data is from PrivatBank.