Personal and passport information belonging to more than 2.25 million citizens of Russia has been leaked through government websites. Information of government employees and politicians is also exposed, according to findings by Ivan Begtin, co-founder of a Russian NGO known as Informational Culture.
Apparently, Begtin released a series of blog posts detailing his investigations of government online certification centers, 50 government portals, and an e-bidding platform government agencies use.
Russian Government Websites Leaking Highly Sensitive Personal Information
In total, the Russian discovered 23 websites leaking insurance account numbers (equivalent of social security numbers), and 14 websites leaking passport information. This type of personal information is not the only one exposed – full names, job titles, place of work, personal emails, and tax identification numbers are also compromised. This makes more than 2.25 million Russian citizens exposed as their data is available for anyone to download.
Some of the exposed data could be found quite easily – just by running a quick Google search for open web directories on government websites.
Begtin said he got in touch with Russian’s government agency Roskomnadzor… eight months ago. In a conversation with ZDNet, the researcher noted that he contacted the agency multiple times but it didn’t do anything to secure the leaky sites. Furthermore, the agency even said the data was legal to disclose.
Begtin’s report says the following:
In total, this is at least 2.25 million records with personal data that is publicly available. Some of the information contains information including on persons protected by separate regulatory documents and is even more sensitive than just personal data (Note that the original text is in Russian and this is auto-translated.)
An investigation carried out by Russian news site RBC confirmed that the passport and personal details of several high-profile Russian government officials, such as deputy chairman of the Russian Duma (Parliament) Alexander Zhukov, former deputy prime minister Arkady Dvorkovich, and former deputy prime minister Anatoly Chubais, were exposed in the leaks.
Oddly enough, Roskomandzor published an official statement where it says that the leaky data was never meant to be private. The data is still available online. As to why this is all happening, Begtin blames the government’s inconsistency in document management, low-skilled IT personnel, and the lack of internal monitoring solutions to alert about data leaks and breaches.