MTBank: in the wake of Megafon

    Before the news about SMS, “leaked” for free access from Megafon’s website, they managed to make up for it, as a similar calamity overtook one of the famous Belarusian banks.

    Some time ago, a famous Belarusian photographer Anton Motolko tweeted that www.mtb.by/data/anketa/po_domashnemu had personal information about people who had applied for a loan. A quick pick showed that a lot of other information is available in the / data / directory on the server - from employee photos to credit (as suggested in the comments, debit) cards with mother's maiden name and other passport details.

    By rough estimates, the number of available questionnaires exceeds 5,000.

    At the moment, the addresses are already closed, but who knows how many copies were made?



    UPD: an official commentary of the Bank appeared . In short: the questionnaires were filled out not by the bank’s customers, but by those who want to become them, no one knows if they have become customers, so it’s safe to disclose this information. In addition, passport data “leaked” from a server that is outsourced from another company. Those who nevertheless became customers of the bank were apologized.

    UPD2: Text of an official response from the management of MTBank:

    “In the evening of August 10, 2011 , information about a technical malfunction appeared on the bank’s website, as a result of which information on electronic applications about the possibility of obtaining bank services was temporarily available.

    An official commentary on the situation from the management of MTBank CJSC:
    This is not about the list of MTBank customers, but rather about the list of individuals who contacted the MTBank website directly by filling in electronic preliminary applications. It is not possible to find out from the content of the indicated applications what the outcome of their consideration is and whether as a result the applicants have become bank customers or not, and even more so to obtain information about the conditions of the concrete agreements concluded.

    It is also important that this information became available not from the bank’s internal servers, where information about customers directly and whose protection is provided in full is stored, but from the external servers of the contracting company that provides hosting services for the Bank’s website. To date, experts have eliminated all the consequences of the failure and prevented such problems in the future, having deeply analyzed the circumstances of its occurrence. Currently, www.mtbank.by is operating normally.

    At the same time, MTBank fully shares responsibility for the circumstances along with its partners and apologizes to the Clients and Internet users for the inconvenience. "The bank is conducting internal proceedings, the results of which will take strict measures to those responsible."

    Also popular now: