History
2023: Data breach of tens of thousands of customers
The data of tens of thousands of customers of the Sogaz-Life insurance company were in the public domain. This was announced on January 24, 2023 Telegram by the channel "Information Leaks" (it is maintained by the search leaks and monitoring service). Darknet DLBI
According to him, there was a "drain" of a partial SQL dump of the database of the sogaz-life.ru site owned by the Sogaz-Life insurance company. Dump hackers received from CMS "Bitrix," most likely, October 20, 2022, experts say
The published sample contains 49,999 lines, including:
- Login;
- FULL NAME;
- e-mail address;
- telephone number;
- address (not for everyone);
- gender;
- date of birth;
- date of registration and last activity;
- hashed (MD5 with salt and SHA512-Crypt) password.
The hacker who published the file with the leak claims that this is a fragment of a dump, and the main file contains about 700 thousand lines with personal data of users. The insurance company by January 25, 2023 did not comment on the fact of the incident.
Earlier in January 2023, Roskomnadzor announced that in a few months the department received about 100 notifications from Russian companies about leaks of personal data of users in accordance with the law, which entered into force on September 1, 2022. According to him, operators are obliged to notify Roskomnadzor of all security incidents with data leaks that occurred inside their perimeter, with the provision of the results of an internal investigation. In part from the notifications, the department took response measures, for example, fined companies for leaks.
According to the representative of the regulator, the problem associated with leaks of personal data came to the fore, since there were significantly more of them in comparison with previous years. At the same time, in some cases, employees who work in outsourcing companies are to blame for such incidents.[1]