A new incident violation data has recently occurred, exposing 2,25 personal data and passports to millions of people. The leak was done by Russian government sites and includes information on citizens, government officials and politicians.
Η leakage of the information was revealed by Ivan Begtin, co-founder of the non-profit organization Informational Culture.
Begtin made a survey of government certification centers, government portals, and an e-auction platform, also used by the government.
Begtin discovered that there were 23 sites that displayed the individual account number (corresponding to the social security number). Still, he found 14 sites displaying passport information for millions of citizens.
This means that everyone could have access to this information and steal it, since it was available on the internet without any protection.
In addition to social security numbers and passports, other information, such as names, titles, and jobs, emails and tax numbers.
Begtin noticed that it was not easy to see all the information. However, it was not impossible, especially for someone who knows how to search, such as hackers. On the other hand, there was information that could be found by simply making Google search.
Begtin said he had contacted Roskomnadzor, Russia's government agency for the protection of personal data, before 8 months, and had informed them of the problem. But it seems that no effort has been made to protect government sites.
After seeing that there was no response from the government service, Begtin tried to talk about it publicly by publishing three blog posts in April. But now, he revealed his findings on the Russian news site RBC, to be known to everyone.
Some of the personal data and passports that leaked belong to politicians, such as the Deputy Speaker of the Russian Duma, Alexander Zhukov, former Deputy Prime Minister Anatoly Chubais, and former Deputy Prime Minister Arkady Dvorkovich.
Begtin blames the government for the huge data leakage and believes that changes need to be made to ensure greater security. Better management of citizens' personal data and documents needs to be done, hiring more specialized IT staff and security staff and implementing them systems monitoring, alerting you in good time if there is any suspicious move.