Freedom Finance admits data leak of 16,000 clients
MOSCOW. Dec 25 (Interfax) - The broker Freedom Finance has admitted the leak of data on 16,000 clients, saying the data dated 2018, Timur Turlov, founder and general director of the broker, said on his Instagram account.
It was earlier reported that the broker client's data had appeared on several shadow forums. Ashot Oganesyan, founder of Data Leakage & Breach Intelligence (DLBI), reporters this information on his Telegram channel.
He said the seller claimed possessing information on the company's 16,000 clients and also employees (including their logins and passwords to various services), 12GB of files in all. The files put up for sale contain full names, passport details, phone numbers, extracts, signatures, bank account details and balances.
"Colleagues and partners, we had an extremely unpleasant and shameful incident in information security happen yesterday. Cyber extortionists attacked a segment of our internal network and stole some data from local machines of some employees in Russia. These machines are related to employees of the Russian broker providing access to the Russian stock market and almost the entire package is dated 2018," Turlov said on Friday.
The data includes scanned copies and some paper-based orders, some reports on checks with AML/CFT databases and some 400 files on the recognition of investors as qualified, he said. "Among them there are practically no clients who opened accounts on the U.S. market, we started doing that through a Russian broker in 2019. There are no international clients among them. The cyber extortionists who attacked us definitely did not gain access to CRM, to back office reports, to trading site data. No passwords of our clients were compromised. Nevertheless, it is obvious that that we botched the whole thing and we let some of our Russian clients down. I am very ashamed for everything that has happened," he said.
"No doubt, we have now fully cleansed the network and all local machines, we have adjusted it and we are convinced that data is not leaking anymore. How did it happen? In the same way users are attacked: one of our employees received a fishing letter, which he opened and ran on a local machine, despite a warning from the security system. And then all weak points of our protection were revealed," he said.
"Why did they hack us? They had one simple goal: blackmailing with publication in the media for the purpose of extortion. A la, pay us a million dollars in bitcoins or we will send a press release saying that we have stolen your data to all media in the country and they will tear you apart. No one will investigate," Turlov said.
Freedom Holding Corp. offers financial services in seven countries. The company trades its shares on NASDAQ and is 72.7% owned by its CEO Timur Turlov. In Russia, the company operates through its subsidiary Freedom Finance and an eponymous bank.