Passport information, individual insurance account numbers, tax ID numbers, and other personal identifiable information (PII) have been leaked by multiple Russian government sites for more than 2.25 million citizens, including government employees and high ranking politicians.
Ivan Begtin, co-founder of Informational Culture, a Russian NGO, has discovered and documented the leaks.
High-profile Russian government officials include deputy chairman of the Russian Duma (Parliament) Alexander Zhukov, former deputy prime minister Arkady Dvorkovich, and former deputy prime minister Anatoly Chubais.
The Federal Service for Supervision of Communications, Information Technology and Mass Media, Roskomnadzor, responsible for Russia's censorship in media and telecommunications published a statement "No violations of the law on personal data were found in the work of operators of state information systems" with regards to the 360 thousand personal records made publicly available in Russia's information state systems.
Begtin blamed the exposures on the "government's inconsistency when dealing with document management operations, low-skilled IT personnel, and the lack of internal monitoring solutions that could have alerted operators about the exposed data."
Begtin said he investigated government online certification centers, 50 government portals, and an e-bidding platform used by government agencies. He found 23 sites leaking individual insurance account number (SNILS; Russia's equivalent for a Social Security number) and 14 sites leaking passport information. In total, the data of over 2.25 million Russian citizens was available online, available for anyone to download, Begtin said. Other data included full names, company, job title emails, and tax identification numbers. While some leaks were harder to identify, requiring Begtin to extract metadata from digital signature files, some data could be searched using Google for open web directories on government sites.