Ukrainian hackers claim breach of Russian loan company linked to Putin’s ex-wife

The pro-Ukraine hacking group Cyber Alliance has claimed responsibility for a cyberattack on CarMoney, a Russian microfinance company linked to the former wife of President Vladimir Putin. 

CarMoney confirmed earlier this week that it had suffered a cyber incident, forcing it to shut down all systems after attackers sent spam messages to customers claiming the company was closing its business, donating its proceeds to charity and writing off all debts. The organization has not attributed the attack to Ukrainian hackers or disclosed the full extent of the breach.

CarMoney, one of Russia’s largest microfinance firms, issues short-term loans secured by vehicles. According to independent Russian media, Putin’s ex-wife, Lyudmila Ocheretnaya, controls the company through a network of offshore entities.

The hackers said their attack destroyed CarMoney’s infrastructure and compromised “terabytes of data.”

While CarMoney has assured clients and investors that no personal data was affected, the hackers claim they obtained information on a large number of borrowers, including members of Russian military units and intelligence officers.

The hackers shared screenshots on Telegram but the data’s  authenticity could not be independently verified. While CarMoney’s website remains operational, customers have reported ongoing payment service disruptions and difficulties accessing their accounts.

CarMoney has said it will waive late fees, refrain from reporting delays to credit bureaus and introduce a bonus program once its systems are restored.

The Ukrainian Cyber Alliance, a community of pro-Ukraine cyber activists formed in 2016, has targeted Russian entities since the invasion of Ukraine nearly three years ago. 

Earlier in January, the Ukrainian Cyber Alliance claimed the attack on the Russian internet provider Nodex. The company confirmed that the incident “destroyed” its infrastructure and affected connectivity for both fixed-line and mobile services.

Last October, the group claimed responsibility for disrupting parking enforcement in the Russian city of Tver. The year before, the hackers claimed to have breached Russia's national card payment system and obtained user data.