Russian Govt sites leak personal, passport details; 2.25 million affected

Cyber Security
Cyber Security Pixabay

Several Russian government sites have leaked personal and passport related information of more than 2.25 million citizens, including government employees and high-ranked politicians.

The co-founder of a Russian NGO called Informational Culture, Ivan Begtin discovered the data leak incident. Later, he wrote on his blog that he carried out an investigation on government online certification centres, 50 government portals and an e-bidding platform, used by government agencies.

His investigation showed that there were 23 compromised sites which were leaking individual insurance account number and there were 14 other sites which were involved in leaking passport information.

Begtin further added that the leaked data of 2.25 million Russian citizens is currently available online and anyone can download these files. He stated that other sites have exposed full names, job titles and working place, email and details related to tax identification numbers of these affected Russian citizens.

Since some of these in exposed data were very hard to identify, Begtin had to extract metadata from digital signature files to find them. It should be noted that there are some data, which could be found while searching for open web directories on government sites, on Google search.

On Wednesday, May 15, Begtin said in a Facebook post that eight months ago he contacted Roskomnadzor, Russia's government agency in charge of data privacy and he tried to notify them several times but the authority didn't do anything to restrain the data leak.

Russian news site RBC has unearthed the passport and personal details of several high-profile Russian government officials, including deputy chairman of the Russian Duma (Parliament) Alexander Zhukov, two ex-deputy prime ministers Arkady Dvorkovich and Anatoly Chubais.

For this leak, Begtin blamed the Russian government for their inconsistency, low-skilled IT staff and lack of monitoring solutions that could have alerted operators about the exposed data.