A few days ago, millions of records suspected to be customer data from many domestic banks and other financial institutions were put up for sale on RAID FORUMS, an overseas hacker forum, including customers' mobile phone numbers, names, ID numbers and contact addresses.

For example, one user on the forum offered ABC's customer information, more than 900,000 records in total; the initial asking price was $3,999, and the price was $2,500 when the listing was posted a second time. Data attributed to other institutions was also listed, including more than 800,000 records of Bank of Shanghai user information, more than 400,000 records of Industrial Bank credit card user information, 100,000 records of Pudong Development Bank user data, and China Merchants Bank data.

Among them, the data of Shanghai Pudong Development Bank and Bank of Shanghai mostly involve the customer's mobile phone number, name, gender, ID number, contact address, etc.

In response, a bank official told the First Financial reporter that he had taken note of the matter and that investigations by the relevant departments were being arranged. Of the data, a small part is genuine, but most is wrong. The data also contains no bank account information, so it is impossible to prove that it is bank data or to determine that it was leaked from the bank.

For example, in the exposed customer information of Shanghai Pudong Development Bank, alongside the complete name, gender, mobile phone number, ID number and so on, the address column is marked with the words "New Dynamic Zone 20 Yuan SMS Package", which makes its source doubtful. Some people in the banking industry said that some of the data may not be bank data at all, but that the seller labeled it as bank data in order to sell it at a higher price, because bank data commands the highest price in the market.

Relevant persons at Industrial Bank also told the First Financial reporter that criminals had posted on the hacker website claiming to sell so-called customer information data from multiple banks, and that the industry attaches great importance to the matter. After in-depth verification and comparison, it was confirmed that the so-called "Industrial Bank credit card customer information" does not match the bank's actual customer information elements, and it cannot be ruled out that the criminals forged and sold the so-called bank customer information to obtain improper benefits.

However, the Agricultural Bank customer information provided by the seller does include items such as the bank card number and the affiliated branch. The First Financial reporter sought verification from the Agricultural Bank of China. As of this writing, the Agricultural Bank has not responded.

Recently, with the advancement of banks' digital transformation, data protection has received more attention. The reporter learned that many banks have, as required, established a security specification system covering applications, clients, networks, servers and other areas. The big data service platform and its data are to be given key protection.

Prior to this, the "Guidelines for Data Governance of Banking Financial Institutions" issued by the China Banking and Insurance Regulatory Commission also specifically stated that where the data collected and applied by banking financial institutions involves personal information, it should comply with the requirements of national personal information protection laws and regulations and meet the national standards related to personal information security.

Duan Siyu