Bulgaria’s DSK Bank Fined $569,930 For A Data Breach That Affected 33,000 Clients

Bulgaria’s DSK Bank, a unit of Hungary’s OTP Group, has been fined 1 million levs ($569,930) for a data breach that affected over 33,000 clients, as reported by Reuters. The Bulgarian personal data watchdog said the full names, addresses, copies of ID cards as well as bank account numbers and property deed data of 33,492 people who have taken loans from the bank had been improperly disclosed and accessed by third parties. Personal data of loan guarantors, spouses and contracting parties that were part of over 23,000 loan dossiers had also been breached.

2 Expert Comments
Jake Moore, Cybersecurity Specialist
InfoSec Expert
August 29, 2019 12:23 pm

When it comes to personally identifiable data, financial and medical data have the highest target rate. Phone or email scams relating to this type of personal information have the highest success rate, and this type of data is more valuable in ongoing scam attacks.

Having property deed data exposed can also lead to a wave of phishing attacks, as in some cases property deals can be very time-sensitive. Generating attacks based on known deals or potential sales with known personal data attached to them could reap large rewards.

If you’re sending large sums of money or other personal information, always verify the receiver and be very wary of potential transactions, especially if the receiving financial account has changed at the last minute.

Dr Guy Bunker
InfoSec Expert
August 29, 2019 12:31 pm

While we often think of the quantity and value of the data commercial organizations hold, we often forget the quantity and value that governments hold on their citizens. This attack serves as a stark reminder that the government holds critical data on all its citizens – and in a variety of places. Whether it is around personal taxation, or whether you are allowed to drive a car; whether you are a child, or a pensioner.

Much of the data held could be used to spoof the identity of the individual, should it be compromised. Driving licence numbers can be just as useful as National Insurance Numbers or Social Security numbers to cyber criminals who want to pursue a phishing scam based on this information. The vast quantities of information held by the government and the different departments of government are a honey-pot for any cyber-attacker – and so there needs to be suitable protection around it.

Furthermore, there needs to be enhanced ongoing monitoring around access to ensure that there isn’t a persistent threat, leaking data slowly but surely, or that there are compromised credentials being used to create reports and the data being leaked (stolen) that way. Governments need to continue to invest in advanced cyber-security solutions to stay ahead of the criminals – and be able to rapidly respond in the event of an incident. Sharing information between governments is critical in order to maintain and improve the security of citizen information across the globe.

Information Security Buzz