Data leaks of telecom operators in Russia

Main article: Data leaks in Russia

2022

Beeline confirms data leak from corporate directory

In early December 2022 about a data breach , subscribers "" VimpelCom(Beeline brand) became known. The company itself confirmed the information that appeared in the media. More. here

The database of millions of Tele2 subscribers got into open access

The Tele2 subscriber database got into open access. This was announced on August 8, 2022 by the Telegram channel "Information Leaks." According to him, we are talking about the data of participants in the Tele2 loyalty program. Read more [[T2 RTK Holding
Tele2 Russia|here]].

A database with passports of Beeline home Internet users was leaked to the network

A database data with passports of users of the home Beeline was leaked to the network Internet , which became known at the end of July 2022. According to the information DLBI darknet search and monitoring service, a database from September 2021 was put up for sale with almost 1.5 million personal data of telecom operator subscribers connected at wired broadband Internet tariffs. More. here

The customer base of Smart Home from Rostelecom has been made publicly available

On June 8, 2022, it became known about the leakage of data from customers of the Smart Home service, which is being developed by Rostelecom. According to the Telegram channel "Data Leaks" (it is administered by the founder and technical director of DeviceLock DLPshot Hovhannisyan), the six text files posted publicly contain a total of 712,999 lines containing the client's name, email, phones, passwords, as well as technical information: dates of registrations, last activity, etc. More details here.

Data from Rostelecom employees hit the Web

On June 6, 2022, it became known that Rostelecom employees' data were publicly available. The company confirmed the problem and suggested that it arose due to the actions of one of the former employees. Read more here.

Astrakhan received 3 years in prison for the sale of these cellular subscribers

The Kirovsky District Court of Astrakhan sentenced a specialist of the cellular sales office to three years in a general regime colony for theft and subsequent sale of personal data of subscribers. He was found guilty of committing a crime under Part 4 of Art. 274.1 of the Criminal Code of the Russian Federation (unlawful impact on the critical information infrastructure of the Russian Federation). This was announced on February 1, 2022 by the press service of the Prosecutor's Office of the Astrakhan Region.

The court found that a specialist of the cellular sales office in November 2020, in violation of the job description, employment contract and appendices to it, using the personal login and password of another office specialist, accessed the Single Window information system, which allows viewing personal data of mobile network subscribers, information about telephone numbers registered on them, communication services, tariff plans, requiring cards of two subscribers. He copied the data and handed it over for a monetary reward to another person.

As the employees of FSB Russia the Astrakhan Region Administration found out, the young man met a certain user on the Internet, who offered him to "leak" personal data of subscribers from the information systems of mobile operators for money. But the suspect for some reason did not take into account that cameras could follow him. video surveillances Therefore, the moment when he photographed the data of interest to the customer from the monitor screen and transmitted it through the messenger got into the frame and became evidence in court.

As noted by the Telegram channel "Information Leaks," this punishment for illegal access to data from critical information infrastructure turned out to be surprisingly tough and not typical of Russian realities. The usual court practice is to impose a fine and conditional imprisonment.[1]^{[1][2][3][4][5]}

2021: Data of 70% of VimpelCom subscribers hit the public domain

In mid-September 2021, it became known about a major leak of these VimpelCom subscribers. Personal data (passport data, emails, phone numbers, etc.) of users of home Internet services were freely available, said independent computer security expert Bob Dyachenko. Read more here.

2019

An employee of a large cellular operator sold personal data of subscribers

On December 30, 2019, it became known that Russian citizen Denis Kunavin was selling personal data of subscribers of a large Russian mobile operator. He owned up-to-date information, since he was an employee of this company.

According to the prosecutor's office of the Sverdlovsk region, Kunavin's fraud with personal data was disclosed. At the end of December 2019, the Chkalovsky District Court of Yekaterinburg convicted him - restriction of freedom for three years, but at the time of publication of the material it did not enter into legal force.

According to the investigation, Denis Kunavin worked for a telecom operator from 2017 to 2019 as a specialist. He had access to personal information about subscribers, which he used for the purpose of personal enrichment.

As it became known, in 2018 and 2019 Kunavin directly from his workplace repeatedly copied personal data, after which he sold it to customers. He estimated detailed information about one subscriber at 300 rubles. The total number of people affected by Kunavin's actions has not yet been established, as the identities of his "clients" have not been established.

According to the prosecutor's office, Denis Kunavin was aware that information about subscribers of cellular companies was protected by the Constitution of Russia. According to Part 2 of Art. 23, the Constitution guarantees the secrecy of telephone conversations, and violation of this right without the consent of the subscriber is prosecuted by law.

As a result, Kunavin was found guilty by the court under Part 2 of Art. 138 of the Criminal Code of the Russian Federation (violation of the secrecy of telephone conversations and other messages of citizens, committed by a person using his official position). As a punishment for this, the law provides for a fine in the amount of 100 thousand rubles. up to 300 thousand rubles. or in the amount of the salary or other income of the convicted person for a period of one to two years. He may also be awarded deprivation of the right to hold certain positions or engage in certain activities for a period of two to five years, arrest for up to four months, or imprisonment for up to four years.

Additionally, Kunavin was charged under Part 3 of Art. 272 of the Criminal Code of the Russian Federation (illegal access to legally protected computer information, if this act entailed copying computer information committed out of selfish interest, committed by a person using his official position). Here he was threatened with at least a fine of up to 500 thousand rubles. and maximum imprisonment for up to five years.

However, Kunavin managed to avoid serious punishment for his crimes. By a court decision, he was sentenced to only three years of restriction of freedom.

Restriction of liberty should not be confused with its deprivation. The restriction means that the convict does not have the opportunity to leave his home at a certain time of the day, visit certain places, leave the city, change his place of residence and work, participate in mass events, etc.^[6]

Beeline confirmed the fact of a database leak for 2 million of its customers

On October 7, 2019, it became known that telecom operator "" VimpelCom(trade brand "") Beeline confirmed the fact of leaks databases its customers containing information about millions of wired users. According to the Internet data, RIA Novosti the company has begun investigating the incident. More. here

Notes