Main points
- Russian hackers hacked the NBU online store, stealing users' personal data, but financial data remained safe.
- The cyberattack was targeted at the contractor through a supply chain attack. Now there is a risk of phishing using stolen data.
Cyberattack on NBU contractor – what are the consequences for buyers / Collage 24 Channel/Depositphotos/Freepik
The online store of numismatic products of the National Bank of Ukraine became a victim of a cyberattack. A dump with hundreds of thousands of user records appeared on the network. Some of the personal information could have reached the attackers. Is the financial data safe – further.
What is known about the extent of the leak?
This is an online store operating at coins.bank.gov.ua. It is currently unavailable. The National Bank indicates that “technical work is being carried out on the site,” writes 24 Kanal .
Economist Volodymyr Kompaniets was the first to report the incident on his Facebook page. According to him, Russian criminals had uploaded “personal information about all customers” of the service.
A few hours later, the National Bank of Ukraine itself confirmed the cyberattack. They noted that attackers were able to access the personal information of the online store's users, namely: names, surnames, phone numbers, email addresses, and delivery addresses for numismatic products.
At the same time, the regulator emphasized that payment card details and other information related to banking transactions were not leaked:
None of your financial data – payment card details, other confidential information related to banking transactions – has been compromised,
– says the NBU statement.
Along with this, special resources that track information leaks write that a database with 266,999 records has appeared on closed forums. In particular, the Russian resource “Information Leaks” claims that it allegedly contains email addresses, including 487 addresses in the @bank.gov.ua domain, phone numbers, and hashed passwords.
Attack target
The NBU also clarified that the direct cyberattack was on a contractor servicing the store. The statement explained that the incident occurred as a result of a so-called supply chain attack – a common tactic when hackers attack not the target itself, but the contractor as the weakest link. Similar cases have previously occurred around the world – in particular with companies SolarWinds, Kaseya and ASUS.
According to the bank, the architecture was designed to isolate contractors from critical information systems. This, the regulator claims, prevented infiltration of internal systems and bank data.
What are the threats now?
Users have been warned about the risk of phishing. The data obtained can be used for fraudulent schemes – attackers can call, posing as official structures, and have details that create the illusion of authenticity. Among the registered customers may be employees of the NBU of various levels.
The regulator emphasized that NBU employees do not send letters asking to confirm data, do not call to clarify payment card details, do not ask to pay for orders using alternative methods, and do not send links for “urgent verification.”