Over the past 2023, over 290 leaks of confidential information were recorded in the Russian Federation, as a result of which cybercriminals and fraudsters were able to gain access to approximately 240 million unique phone numbers and 123 million email addresses of users from Russia. This was reported yesterday by Izvestia, citing the results of a study conducted by the vulnerability and data leak intelligence service DLBI.
According to analysts, most often leaks of confidential information occurred in Russia in 2023 in the e-commerce segment (about 40% of all cases). This ranking also included the healthcare sector (9%) and leisure (8.5%).
At the same time, the Russian financial sector is among the leaders in the total volume of leaks of confidential information: about 47% of all telephone numbers of Russians that were publicly available were previously in the databases of banking institutions. And e-commerce accounts for about 38% of freely accessible email addresses of Russians.
Journalists emphasize that Roskomnadzor previously cited different figures for leaks for 2023 in the country. In particular, according to information from the government agency, in 2023, 168 leaks of personal data of Russian citizens were discovered, as a result of which about 300 million records with personal data of Russians became publicly available.
It is separately emphasized that in December 2023, two draft laws were submitted to the State Duma of the Russian Federation, within the framework of which it is planned to significantly tighten the procedure for interaction in Russia with personal data. As part of the first such draft law, it is planned to introduce fines of up to 500 million rubles for legal entities that are guilty of leaks of confidential information. The second document is aimed at introducing criminal liability for the distribution of stolen personal data, and for perpetrators the maximum sentence will be up to 10 years in prison.
Journalists from the Izvestia publication also point out that many large Russian personal data operators criticized the above bills for their lack of mitigating circumstances for organizations that would be guilty of data leaks.
Experts pay special attention to the vagueness of the wording in these documents, the refusal to support citizens affected by data leaks, as well as the independence of the imposed monetary fine from the scale of the information security incident. It is planned that all necessary adjustments will be made to the documents for the second reading in the State Duma.
