Russian government sites have been breached, exposing both personal and passport information. The privacy data breach includes information of high-ranking government employees and politicians.
According to a report by The Moscow Times, at least eight government websites were affected by the breach. Personal details of more than 350,000 individuals were exposed. However, ZD Net reports, the number actually reached a whopping 2.25 million people.
Deputy chairman of the State Duma Alexander Zhukov, former deputy prime minister Arkady Dvorkovich, and minister Anatoly Chubais were affected. Anatoly Chubais is also the current head of Rosnano, the state-owned nanotechnology facility, reports The Moscow Times.
In-Depth Information on the Leaks
ZD Net states that Ivan Begtin, the co-founder of the Russian non-governmental organization (NGO) Informational Culture, discovered the privacy data breach. After the discovery, RBC reports that Begtin performed research on the information from various governmental systems. These include the Ministry of Finance and Ministry of Justice among others.
In addition, ZD Net notes that Begtin also investigated 50 government portals, government online certification centers, and an e-bidding platform used by a variety of agencies. In total, the research analyst was able to yield 23 sites providing insurance account numbers while 14 websites provided passport data.
Other information leaked to the public includes the full name, job description and employer details, tax identification numbers, and email addresses.
RBC reports that Begtin reached out to Roskomnadzor eight months ago, the Russian government agency assigned for data privacy services. However, ZD Net notes that the agency failed to take appropriate action to secure the information despite being aware of the situation, stating that the disclosure of such information was legal.
Without action from Roskomnadzor, Begtin decided to turn over his research to the Russian news site RBC. The research analyst blames the government’s lack of action for the leaks as well as the decline of professionalism in the IT development industry, noted by The Moscow Times.
Ivan Begtin posted his research on a 3-part Facebook blog post prior to turning his investigation over to RBC.
Penalty for Privacy Data Breach
Contrary to the statement released by Roskomnadzor, RBC reports that personal data disclosure is illegal. As such, the Code of Administrative Offenses will impose fines up to 75,000 rubles per individual whose personal data is found online.