The microfinance company’s database with passport data, phone numbers and residential addresses was made publicly available.
Credit histories of more than 1 million Russians with data of mobile operators obtained from the Bureau of Credit Histories (BKI) were in the public domain since the end of August. Independent cybersecurity researcher Bob Dyachenko first discovered this data on October 10. According to him, he reported a problem to the BKI, after which the database was closed.
However, it is not known whether anyone had time to download the publicly available information. As Dyachenko noted, specialized search engines indexed it on August 28.
According to media reports, the database could belong to GreenMoney microfinance company, which gave the online loans. It contains passport data of borrowers, other documents, addresses of registration and actual place of residence, phone numbers, information about loans.
GreenMoney CEO Andrei Lutsyk said that an audit is being carried out on what happened. According to him, the company complies with all requirements for the storage and processing of personal data provided by law.
Information security expert Vitaliy Vekhov noted that any leak of personal data carries risks for its owners. In this case, he believes, it is important to understand exactly what information appeared on the Internet.
"For example, passport data alone do not carry anything. According to a photocopy of the passport, as you know, nothing can be issued. If we are talking about the data of Bank cards, they can be used only if there is a CVV code, and it is not in the data of credit histories," the expert explained.
According to Vekhov, at the sa ..