Main article: Data leaks in Russia
2025: Data leakage from Rostelecom systems occurred, possibly due to the fault of the contractor
On January 21, a message appeared on the Telegram channel "Information Leaks"[1] that the Silent Crow group, whose channel was created on December 25, announced that it had obtained a database from the sites company.rt.ru and zakupki.rostelecom.ru. As evidence, the group provided some tables, the information in which dates from September 20, 2024. According to the administrators of the Information Leaks channel, the database contains 154 thousand unique email addresses and 101 thousand unique phone numbers.
"The Internet resources mentioned in anonymous messages are not intended to serve individual clients," the press service of Rostelecom explained to TAdviser. "These resources do not store or process personal data of private clients. Previously, the company recorded information security incidents with one of its contractors serving these resources. It is most likely that the leak occurred from the contractor's infrastructure. Rostelecom has taken measures to eliminate the identified threats. We are currently reviewing the contents of the database to determine how much of the data has been compromised and whether it relates to the company. First, we can say that there was no leakage of particularly sensitive personal data. But we recommend that resource users reset passwords and enable two-factor authentication, where it is available."
The Ministry of Digital Development joined the investigation of the incident.
"Sensitive personal data of private customers of the contractor company also did not leak," said the agency[2] in its Telegram channel. "The Internet resources mentioned in anonymous messages are not intended to serve individual clients. They do not store and process data. To protect Rostelecom's systems, a layered approach is used - several complementary security measures. Rostelecom's information security specialists were not responsible for the contractor's systems. Now we, together with Rostelecom, are already working to strengthen the protection of this part of the infrastructure. We are in touch with our colleagues. All necessary measures have been taken, a detailed investigation is being carried out."
According to Anton Antropov, technical director of IT Task, the leak occurred through a feedback form, the data in which were not very carefully protected.
"Here we observe what I would call the classic risk-oriented approach from the series 'why do we need to protect everything if only important parts of the site can be protected?'," he explained the situation for TAdviser readers. "Given that the information tells us about hacking exactly the form of feedback, this is what companies usually think about the least. People leave real names, phones, mail and, as we can see, hackers do not hesitate to hack into any sections of the site. Therefore, here we can safely say that everything needs to be protected with high quality."
Earlier, the Silent Crow group announced leaks in Rosreestr, Kia Russia and the CIS, AlfaStrakhovanie-Life and Alfa-Bank Customer Club.
The data whose distribution Silent Crow representatives announced can be used by the group itself, among other things, to conduct fraudulent operations, since representatives of quite large companies left their details both as Rostelecom corporate clients and on the procurement service. Other fraudsters can use this data as well.
"Users whose data fell into the Procurement database may face massive cold calls from managers of different companies and phishing letters on behalf of Rostelecom," warns Sergei Trukhachev, head of the ESA PRO service. "Hacking corporate mail addresses for further use as part of the 'man in the middle' scheme is not excluded. It is also possible to call or message allegedly from the head or human resources department, according to the now popular scheme, with a request to wait for the call of the introduced law enforcement officer. It is important to note that, according to the source, only part of the stolen data was published, and the content of the remaining files remains unknown."
The issue of unauthorized access to personal data, including those left by the portal users themselves, is now one of the important ones due to the recently adopted amendments to the administrative code, which greatly increase fines for such leaks.
"It is clear that there is no ideal protection - there is always a risk of hacking, and it does not matter due to criminal negligence, identifying a new vulnerability or an insider inside," said Maxim Stepchenkov, co-owner of IT Task. "It is important to understand how this happened, because Rostelecom and its subsidiaries are one of the largest players in the field of information security, and accordingly, how this will affect the reputation of Rostelecom and other players supplying the relevant services. Whether the market sees this as an attack on the carrier or as a service provider, which has been popular for the past few years around the world. But at the moment, the most important thing is to accurately determine all attack vectors and take appropriate actions, which Rostelecom will definitely do."
As a result of such a data breach, the company can receive not only administrative fines under the new law, but also damage to its reputation.
"This incident can significantly undermine the trust of Rostelecom's customers and partners," said Dmitry Khomutov, director of Ideco. "As a result, customers may prefer competitive solutions that offer higher levels of security. In addition, the company's investment projects are at risk, which could lead to a reduction in investment inflows."
Therefore, it is important for companies both to maintain preventive measures that protect their own valuable data and to draw up a plan for responding to such incidents. It is now considered good practice to include such requirements in contracts with subcontractors, through which quite a lot of confidential information flows.
"To avoid such consequences and protect both customer data and their reputation, companies need to act comprehensively," Arthur Kondakov, head of the MyOffice information security development and implementation group, recommends to TAdviser readers. "First, it is critical to implement multi-factor authentication and additional encryption systems that will significantly strengthen protection. Secondly, to conduct regular security audits and pentests that will help identify weaknesses in the system in a timely manner - even before attackers can use them. Separately, it should be said about transparent communication with customers - informing about protection measures will create additional trust and increase loyalty."
2024: Data leakage of 198 thousand customers of the Russian telecom operator "Zonatelecom"
On September 19, 2024, it became known that the personal information of the clients of the Russian telecom operator ZT (Zonatelecom) was at the disposal of cybercriminals. This company, among other things, provides services to institutions of the Federal Penitentiary Service of Russia (FSIN).
2022
Beeline confirms data leak from corporate directory
In early December 2022, a data breach affecting subscribers of VimpelCom (Beeline brand) became known. The company itself confirmed the information that appeared in the media.
The database of millions of Tele2 subscribers got into open access
The Tele2 subscriber database got into open access. This was announced on August 8, 2022 by the Telegram channel "Information Leaks." According to the channel, the database contains the data of participants in the Tele2 loyalty program.
A database with passports of Beeline home Internet users was leaked to the network
A database with passport data of Beeline home Internet users was leaked online, which became known at the end of July 2022. According to the DLBI darknet search and monitoring service, a database from September 2021 was put up for sale with almost 1.5 million personal data records of the telecom operator's subscribers connected on wired broadband Internet tariffs.
The customer base of Smart Home from Rostelecom has been made publicly available
On June 8, 2022, it became known about the leakage of data from customers of the Smart Home service, which is being developed by Rostelecom. According to the Telegram channel "Data Leaks" (it is administered by the founder and technical director of DeviceLock DLP, Ashot Hovhannisyan), the six text files posted publicly contain a total of 712,999 lines containing the client's name, email, phones, passwords, as well as technical information: dates of registrations, last activity, etc.
Data from Rostelecom employees hit the Web
On June 6, 2022, it became known that Rostelecom employees' data were publicly available. The company confirmed the problem and suggested that it arose due to the actions of one of the former employees.
Astrakhan resident received 3 years in prison for the sale of cellular subscribers' data
The Kirovsky District Court of Astrakhan sentenced a specialist of the cellular sales office to three years in a general regime colony for theft and subsequent sale of personal data of subscribers. He was found guilty of committing a crime under Part 4 of Art. 274.1 of the Criminal Code of the Russian Federation (unlawful impact on the critical information infrastructure of the Russian Federation). This was announced on February 1, 2022 by the press service of the Prosecutor's Office of the Astrakhan Region.
The court found that in November 2020 a specialist of the cellular sales office, in violation of his job description, employment contract and its appendices, used the personal login and password of another office specialist to access the Single Window information system, which allows viewing personal data of mobile network subscribers and information about the telephone numbers registered to them, communication services and tariff plans, and requested the cards of two subscribers. He copied the data and handed it over to another person for a monetary reward.
As officers of the Russian FSB Directorate for the Astrakhan Region found out, the young man met a certain user on the Internet, who offered him money to "leak" personal data of subscribers from the information systems of mobile operators. But the suspect for some reason did not take into account that video surveillance cameras could be watching him. Therefore, the moment when he photographed the data of interest to the customer from the monitor screen and transmitted it through the messenger was caught on camera and became evidence in court.
As noted by the Telegram channel "Information Leaks," this punishment for illegal access to data from critical information infrastructure turned out to be surprisingly tough and not typical of Russian realities. The usual court practice is to impose a fine and conditional imprisonment.[1][3][4][5][6][7]
2021: Data of 70% of VimpelCom subscribers hit the public domain
In mid-September 2021, it became known about a major leak of VimpelCom subscribers' data. Personal data (passport data, emails, phone numbers, etc.) of users of home Internet services were freely available, said independent computer security expert Bob Dyachenko.
2019
An employee of a large cellular operator sold personal data of subscribers
On December 30, 2019, it became known that Russian citizen Denis Kunavin was selling personal data of subscribers of a large Russian mobile operator. He had up-to-date information, since he was an employee of this company.
According to the prosecutor's office of the Sverdlovsk region, Kunavin's fraud with personal data was uncovered. At the end of December 2019, the Chkalovsky District Court of Yekaterinburg sentenced him to restriction of freedom for three years, but at the time of publication of the material the verdict had not entered into legal force.
According to the investigation, Denis Kunavin worked for a telecom operator from 2017 to 2019 as a specialist. He had access to personal information about subscribers, which he used for the purpose of personal enrichment.
As it became known, in 2018 and 2019 Kunavin repeatedly copied personal data directly from his workplace, after which he sold it to customers. He priced detailed information about one subscriber at 300 rubles. The total number of people affected by Kunavin's actions has not yet been established, as the identities of his "clients" have not been established.
According to the prosecutor's office, Denis Kunavin was aware that information about subscribers of cellular companies was protected by the Constitution of Russia. According to Part 2 of Art. 23, the Constitution guarantees the secrecy of telephone conversations, and violation of this right without the consent of the subscriber is prosecuted by law.
As a result, Kunavin was found guilty by the court under Part 2 of Art. 138 of the Criminal Code of the Russian Federation (violation of the secrecy of telephone conversations and other messages of citizens, committed by a person using his official position). As a punishment for this, the law provides for a fine of 100 thousand to 300 thousand rubles, or in the amount of the salary or other income of the convicted person for a period of one to two years. He may also be sentenced to deprivation of the right to hold certain positions or engage in certain activities for a period of two to five years, arrest for up to four months, or imprisonment for up to four years.
Additionally, Kunavin was charged under Part 3 of Art. 272 of the Criminal Code of the Russian Federation (illegal access to legally protected computer information, if this act entailed copying computer information committed out of selfish interest, committed by a person using his official position). Here he faced, at minimum, a fine of up to 500 thousand rubles and, at maximum, imprisonment for up to five years.
However, Kunavin managed to avoid serious punishment for his crimes. By a court decision, he was sentenced to only three years of restriction of freedom.
Restriction of liberty should not be confused with its deprivation. The restriction means that the convict does not have the opportunity to leave his home at a certain time of the day, visit certain places, leave the city, change his place of residence and work, participate in mass events, etc.[8]
Beeline confirmed the fact of a database leak for 2 million of its customers
On October 7, 2019, it became known that the telecom operator VimpelCom (Beeline brand) confirmed the leak of a database of its customers containing information about millions of wired Internet users. According to RIA Novosti, the company has begun investigating the incident.
Notes
- ↑ The "Silent Crow" group again announced a high-profile hack
- ↑ Sensitive data of Rostelecom subscribers did not leak
- ↑ Surprisingly harsh (not typical of Russian realities) punishment was handed down by the Astrakhan District Court to a specialist of the sales office of a cellular operator for "mobile breaking." (https://t.me/dataleak/2489)
- ↑ The prosecutor's office of the Kirovsky district supported the prosecution in a criminal case on the fact of unlawful influence on the critical information infrastructure of the Russian Federation
- ↑ An employee of a large operator arranged a sale of personal data of Russians and avoided prison