What the investigation found
The Security Service and the Prosecutor’s Office have completed the investigation into a 40‑year‑old employee of the information security department of one of Kyiv’s commercial banks. According to the investigation, the suspect covertly recorded photos, videos and exact coordinates of military sites in the capital while moving around the city and systematically passed them to representatives of a Russian intelligence service.
"According to SBU cyber specialists, the suspect collected personal data of the financial institution’s clients among Armed Forces soldiers and military volunteers for the enemy. The occupiers could have used this information to prepare terrorist attacks, information sabotage and recruitment operations against Ukrainian defenders"
— Security Service of Ukraine
How the scheme worked
The investigation alleges that, for money, the detainee sent photo materials and coordinates to his handler via a messenger app—information the enemy used to prepare and adjust shelling. Using his official position, he also passed on information constituting banking, commercial and official secrets.
"In addition, using his official position, he provided representatives of the aggressor state with information constituting banking, commercial and official secrets"
— Office of the Prosecutor General
During a search, investigators seized four smartphones, multiple SIM cards used to avoid detection, three laptops and other means of communication with the specified contacts. According to the investigation, he intended to transmit, or had already transmitted, the coordinates of a backup data center where the bank’s and its users’ databases are stored.
Legal qualification and proceedings
Prosecutors from the Office of the Prosecutor General filed an indictment with the court under Part 2 of Article 111 of the Criminal Code of Ukraine (treason). The court remanded the detainee in custody without the right to bail. According to the charges, he faces life imprisonment with confiscation of property.
Why this matters
This case combines three risks in one: first, a direct threat to the lives and safety of soldiers through the transfer of personal data; second, a threat to urban infrastructure through the adjustment of shelling; third, the compromise of trust in financial institutions, which undermines economic resilience during wartime. Cybersecurity experts and investigators emphasize: insider breaches can be more dangerous than external attacks if they are not identified in time.
What needs to change
The core risk is not only the individual "agent" but the access and procedures that allowed him to accumulate and export data. Practical steps needed include strengthening internal corporate controls, segmenting access rights, conducting regular cybersecurity audits and ensuring prompt information sharing between banks and law enforcement. This is not mere rhetoric, but real prevention of new incidents.
Conclusion
The investigation is complete and the case has been sent to court — but security remains a systemic issue. Are measures in critical sectors sufficient to prevent similar leaks in the future? The answer depends on how quickly technical and organizational changes are implemented in institutions that have access to sensitive data.