2025/02/27 19:05:58

Information security in Russian Post


Main article: Digitalization of Russian Post

2024

Data breach of millions of customers

On December 5, 2024, it became known that the Russian Post database containing personal information about millions of customers was at the disposal of cybercriminals. This information can be used to organize various fraudulent schemes aimed at stealing money.

According to the Telegram channel "Information Leaks," the attackers posted a fragment of the database containing 2128 lines in open access on the Internet as evidence of the hack. The fragment includes surnames and first names, phone numbers and partial addresses (only postal code and region/city) of recipients of shipments, the SPI (barcode postal identifier), type of shipment, category, weight, size and cost, as well as dates of transactions.

Data of millions of Russian Post clients was leaked

"Selective checking of random records from this fragment by SPI on the pochta.ru/tracking website confirms the reliability of the partial address and type of departure," the publication says.

It is also noted that the full database dates from April 18, 2024 and contains more than 26 million lines of personal information. In addition to the listed information, it includes telephone numbers and TINs of senders (the database contains only items from organizations and individual entrepreneurs).

Russian Post, according to TASS, initiated an inspection in connection with the incident. Experts are examining whether the published fragment of data belongs to the 2022 leak, when about 10 million lines of information were stolen. At that time the company said that the leak did not threaten the safety of customers, since it did not contain bank data.

"The company's specialists are now conducting an audit of the security of information systems and checking the published fragment for belonging to the leak in June 2022," representatives of the Russian Post say.[1]

The ex-head of the Russian Post department received 5 years in prison for embezzling 40 million rubles by manipulating a computer

A former head of a Russian Post department received 5 years in prison for embezzling almost 41 million rubles by manipulating a computer. The press service of the FSB of Russia in the Republic of Sakha (Yakutia) reported this on February 22, 2024.

According to TASS, citing the department's statement, the woman (her name is not disclosed) was found guilty under part 4 of article 159.6 of the Criminal Code of the Russian Federation ("Fraud in the field of computer information committed on an especially large scale"; the maximum punishment is ten years in prison).

"It was established that the official deliberately, out of selfish motives, committed the theft of more than 40 million rubles by entering computer information using her official position, and disposed of the funds at her discretion," the FSB of Russia in the Republic of Sakha (Yakutia) said in its message.

The court satisfied the civil claim to recover the stolen amount from the convict in favor of the federal postal service department. Once the verdict enters into force, the property seized from the defendant in the criminal case will be sold to compensate for the damage caused to the victim, the press service added.

Earlier, the department said that the accused came up with a scheme of "illegal charges by entering computer information into the 1C software." What exactly the scheme was is not specified. The defendant pleaded guilty.

The Russian Post told Sakhapress that the theft was revealed by the company's security service.

"After an internal audit, all the collected materials necessary to initiate a criminal case were transferred to law enforcement agencies. The employee who allowed the abuse of office was dismissed," the postal service department said.[2]

2022: Russian Post moved from "paper security" to the introduction of comprehensive protection amid the growth of cyber attacks and the incident with the data center

In 2022, information security incidents affecting the information resources of the Russian Post were observed. This is no longer "paper security," but an understanding of the need to introduce effective comprehensive protection, according to the cybersecurity section of the Russian Post annual report.

The company indicates that in 2022 there was a significant increase in information security incidents compared to 2021. In particular, by the end of the third quarter of 2022, the same number of incidents had been registered as in all of 2021. In the first and second quarters of 2022, increased activity by "hacktivists of foreign states" led to a threefold increase in information security incidents.

Russian Post has strengthened cyber protection amid rising information security incidents (photo: Pyotr Kovalev/TASS)

The main cyber threats of the past year in the Russian Post include:

  • malicious software;
  • distributed denial of service attacks, including at the application level;
  • penetration into corporate networks through the resources of contractors;
  • APT attacks (Advanced Persistent Threat) on critical infrastructure and government agencies;
  • actions of internal violators.

Distributed denial of service attacks on the information resources of the Russian Post even led to the unavailability of the company's data center, according to the annual report. At the request of TAdviser, the Russian Post chose not to comment on this incident and other points from the annual report related to information security.

Timely detection of and response to cyber attacks is provided by the Information Security Monitoring Center of the Russian Post. To ensure a round-the-clock response to cyber attacks, a duty shift of the Information Security Monitoring Center has been created. Sources are monitored on an ongoing basis for new information about cyber attacks, their methods, vulnerabilities and malware.

To block negative consequences in time, the company investigates incidents with the involvement of experts and interacts operationally with the center of the State System of Detection, Prevention and Elimination of Consequences of Computer Attacks of the FSB of Russia and with FSTEC of Russia. The approach to information security is centralized: standards, regulations and requirements for the IT infrastructure and the information security management system are the same for all territorial divisions and companies of the Russian Post group.

All information systems created and put into operation are audited for compliance with information security requirements, which makes it possible to control and promptly eliminate vulnerabilities in the system architecture. Compliance of systems already in operation is checked by both internal and external audits, as well as by regulatory information security inspections. In 2022, in particular, 39 internal audits of information security were carried out.

In 2022, the Russian Post also completed the creation of a system for managing user identification information, granting the right to use the software.

To protect information processed in the information systems of the Russian Post in accordance with the requirements of the regulatory and legal documentation of the Russian Federation in the field of information protection and the regulatory and methodological documentation of the FSTEC of Russia and the FSB of Russia, an agreement was concluded and executed for the supply of equipment and the provision of rights to use information protection software, the annual report indicates.

In addition, pursuant to Federal Law 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation," a list of objects of the critical information infrastructure of the Russian Post was approved, and their categorization was carried out.
