SBU detains bank employee suspected of passing military personnel data to Russia — risks for defenders and banking infrastructure
In Kyiv, a bank employee was detained whom investigators suspect of passing on personal data of soldiers and volunteers. We examine how it worked, what threats it poses, and what the investigation will change.
By Tetiana Suchkova-Ladik
February 9, 2026 · 2 min read
What happened
Employees of the Security Service of Ukraine (SBU) detained an employee of a commercial bank in Kyiv. According to the investigation, the 40-year-old head of the information security department allegedly passed on personal data of clients — primarily military personnel and volunteers who used the bank's services — to Russian handlers.
"Employees of the Security Service of Ukraine detained an employee of a commercial bank in Kyiv."
— SBU press service
How, according to the investigation, it worked
The SBU reports that the suspect came to the attention of Russian intelligence services due to activity on a banned social network. Then — several stages: reconnaissance of locations (photographing deployment points in Kyiv), gathering data on client "targets," and an attempt to provide the occupiers with the coordinates of a backup data center where the bank's database is stored.
Law enforcement officers documented correspondence with the handler and seized several devices during a search: four smartphones, replaceable SIM cards "for concealment," and three laptops. The SBU also reports finding contacts with the FSB among the discovered data.
What risks this creates
Personal data of military personnel and volunteers are not just numbers in a database: security experts estimate such data can be used to plan terrorist attacks, information sabotage, and recruitment. This means that the leak of even part of the information increases risks for specific individuals and units.
Beyond individual threats, the incident undermines confidence in security procedures in the banking sector and raises questions about the protection of backup infrastructures relied upon by both public and private services.
Evidence and legal perspective
Investigators have notified the man of suspicion of state treason; he has been arrested without the right to bail. According to the investigation, he faces life imprisonment with confiscation of property. In response to journalists' questions about the bank's name and whether data reached the enemy, the SBU refers to the secrecy of the investigation — there is no answer yet, LIGA.net reports.
What this means for citizens and banks
For clients — a reminder of basic digital hygiene rules: minimize public mentions of military service, choose strong passwords, and enable additional verification mechanisms. For banks — a signal to strengthen control over database access, audit logs, and internal compliance.
Conclusion
The incident in Kyiv is an example of how the combination of human factors and external pressure turns routine operational processes into a security weakness. While the investigation continues, the key question is whether the banking sector and the state can quickly turn the lessons learned into concrete measures that will protect people and infrastructure from similar threats in the future.
