Christopher J. Miller reports:
A regional head of the U.S.-based financial services and communications company Western Union said he is not worried about recent security breaches at Ukraine’s largest bank which allowed a hacker to obtain sensitive data of Western Union customers, potentially putting them at risk for fraud.
Ulugbek Umarov, Western Union country director for the CIS, Georgia and Israel, told the Kyiv Post that he believes PrivatBank’s banking system is secure and that “as a global money transfer company, we pay attention to customer security, and we do our best to protect our customers and to not let any third parties obtain information in such a way.”
But Western Union transactions sent through PrivatBank’s system that did include sensitive data, such as payer and payee names and personal identification numbers, their addresses and phone numbers, ended up in the hands of an Indonesian self-professed “ethical hacker” who was testing the system for security flaws in hopes of obtaining contract work with the bank.
Miller’s report follows up on his previous coverage of security concerns involving the bank and the bank’s response of threatening the security researcher who sounded the alarm.
Brian Donahue has some background on security vulnerabilities and Privat24, Privatbank’s mobile app.