IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Sensitive data of 2.25 million Russians exposed online

Passport information of senior officials are publicly accessible after a researcher identifies leaky government sites

A computer with data overlaid onto the Russian flag

More than 2.25 million Russian citizens' personal details have been exposed online through misconfigured government websites, including the passport information of high-profile Russian government officials.

An examination of a swathe of government platforms has found 23 sites leaking citizens' insurance account numbers and 14 sites leaking passport information, according to Ivan Begtin, co-founder of NGO Information Culture.

The researcher disclosed his findings to Russian media in a set of three articles, with the latest released this week in RBC revealing around 360,000 records were exposed. The details exposed includes the passport details and personal information of former Russian deputy prime ministers Anatoly Chubais and Arkady Dvorkovich.

This is in addition to an article Begtin published last month revealing that 2.25 million records are publicly available from the websites of certification centres. In his findings, he outlined information for several exposed systems including those for arbitration courts and the Ministry of Defence, rating the criticality as 'high' for all.

Begtin summarised his wider findings in a Facebook post, adding that he notified Russian authorities several times as early as eight months ago. But the Roskomnadzor, Russia's communications agency, "did not react".

He blamed errors in legislation, miscalculations by developers and shoddy work by data regulators as the core reasons why such a vast amount of information has been exposed by these government sites.

Begtin also cited a lack of professionalism with the IT developers who have built the sites, and are responsible for their maintenance.

Russia has not adopted the EU's General Data Protection Regulation (GDPR), rather its data regulators lean on a set of several data protection laws dating back to the previous decade, such as the Russian Personal Data Law 152-FZ of 2006.

The Russian communications agency responded to Begtin's findings shortly after he released his post, suggesting the data may have been intentionally made public and that there are no violations of data protection laws.

"An analysis of the situation has shown that such publication of personal data falls under the legal grounds provided for by article 6 of the Federal Law 'On Personal Data'," a Roskomnadzor spokesperson said.

"In particular, there are cases when personal data are subject to publication or mandatory disclosure to an unlimited number of persons for the implementation and fulfilment of the functions, powers and duties assigned by the Russian legislation to the operator."

The agency claimed the information published on the Ministry of Justice's website did not contain passport data.

Begtin's research highlights the importance of digital transformation, particularly in large public sector organisations where systems can date back as far as 30 years. Robust systems and practices can, in particular, prevent data leakages where sensitive information is concerned.

In the UK, the government was warned earlier this year that it must focus on replacing legacy IT or face risks of hanging onto outdated systems.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022