Roskomnadzor interested in leaking the base of employees of Sberbank

A week ago, an unknown person posted a database of Sberbank employees on the phreaker.pro forum in open access . The leak is a spreadsheet of about 48 megabytes in size, which contains 421,643 records (the login.csv.zip file of 8.6 MB in size is not hard to find, although it has already been removed from the forum). The authenticity of the database is partially verified: it contains real full names of employees and their logins in the internal system, which coincide with email addresses. On the basis of which you can determine in which division each of them is listed.

Although similar bases are being posted every day in underground forums, this time the information got into the media, and Roskomnadzor had to react. The press service of the regulator reportedthat “Roskomnadzor sent a corresponding request to Sberbank” in connection with the leakage of the base.

After the leak, the press service of Sberbank reported that they "know about the publication of part of the address book of employees." The published information "does not pose any threat to automated systems and customers," the bank assured. It is available to all Sberbank employees and “does not bear the threat of disclosing their personal data.”

Surface authentication confirmed the authenticity of the database. In particular, there are three correct e-mail addresses of the president of the bank, German Gref. The authenticity of the database was confirmed by one of the employees of Sberbank and a representative of a third-party organization related to the information security of the bank.

The problem was reported to German Gref, who expressed his displeasure, a source told Kommersant in the bank.

According to 152-ФЗ, the definition of personal data includes any information relating to directly or indirectly determined or determined by an individual. In this case, it is the name + place of work.