Posted April 17, 04:55
Modified April 17, 07:24
According to a study by InfoWatch Group of Companies, "Russia: leaks of restricted access information in 2022", the number of compromised records containing personal data increased 2.67-fold compared to 2021 and amounted to more than 667 million. The number of leaked records last year exceeded the country's population by more than 4.5 times. RBC writes about this.
For the analysis, InfoWatch specialists used a database of information leaks that they have maintained since 2004. The list includes the number of compromised records containing personal data and payment information. Each leak last year was, on average, a third larger than a year earlier and contained about 940 thousand records. Almost 80% of the leaks were related to the actions of external and internal violators.
The share of leaks of information related to trade secrets has doubled. The number of leaks in retail, hotels, cafes and restaurants has increased almost fivefold, and in industry, transport and energy threefold. The share of leaks related to small businesses was more than 20%, which is twice as high as in 2021.
In 2022, there was a huge leak of personal information, which was twice as large as InfoWatch estimates, said Valery Baulin, CEO of Group-IB in Russia and the CIS. The number of leaked records exceeded the population of Russia by ten times. The total number of rows of user data in leaks last year was at the level of 1.4 billion, and in 2021 there were only 33 million.
Most of the leak announcements appeared on forums and Telegram. Mass publication of ads in messengers became a trend in 2022. Before that, similar cases were isolated. No area of Russian business is protected from leaks, Baulin stressed. Most of the leaked databases of Russian companies in 2022 and early 2023 were made publicly available for free. This means that the cybercriminals' motive was not to make money, but to cause reputational or economic damage to Russian business and its clients.
Ashot Oganesyan, the founder of DLBI's data leak intelligence and monitoring service, claims that significantly less data has leaked from Russian companies than is stated in the InfoWatch report: about a hundred million unique e-mail addresses and 110 million unique phone numbers. The volume of non-unique data is estimated in billions, but this is not a very meaningful indicator. He also questioned the conclusion about 80% of leaks with the likely participation of external and internal violators. 80% of leaks are the result of hacking and penetration from the outside, and insider leaks are "concentrated in the penetration segment." Companies have learned how to deal with massive data uploads.
In the middle of last month, a bill was submitted to the State Duma introducing fines of up to 500 million rubles for the leakage of personal data, as well as additional criminal penalties. The initiator of the amendments was the Ministry of Finance, which sent both drafts on tougher penalties to the relevant committee of the lower house. To date, the maximum fine for businesses for the leakage of personal data is half a million rubles. If the law is adopted, the punishment in monetary terms will increase a thousand times.