Leading information security consultant at Innostage Tatyana Nikanorova

Posted: Tue Jan 21, 2025 7:19 am
by tanjimajuha20
Lead engineer of CorpSoft24 Mikhail Sergeev named two possible scenarios of large-scale leaks: "We may be talking about a targeted attack on a specific resource to steal a database that contains the information needed by the intruder, including personal data. This option is complex, requires large resources and may not be implemented at all. The second is associated with the search for known vulnerabilities through various scanners. A huge number of platform owners ignore various procedures for protecting the system, do not update the platform, after a certain time the scanners find them and hack them, and the data ends up in the public domain. There are a lot of such systems, and we can say that they are the main source of personal data leaks."

Tatyana Nikanorova, leading information security consultant at Innostage, attributes mass data leaks in Russia to the insufficient level of maturity of protection processes in companies: "According to Innostage, more than 85% of personal data leaks in 2023 occurred in segments related to online services: delivery, online stores, ticket and tour purchase sites, news portals and social networks. The main reason for the large number of leaks of digital platforms is the availability and mass posting of personal data by users, as well as the lack of the necessary level of maturity of the processes for protecting and processing personal data. The introduction of criminal liability is aimed at reducing the growth of crimes related to the illegal use, transfer, collection and storage of personal data. Improving the quality of investigation of leak incidents should be facilitated by raising the awareness of specialists responsible for ensuring information security about the adopted regulations governing the procedures for investigating incidents and interacting with regulators, as well as improving the technical knowledge of employees investigating incidents, including in the field of computer forensics - Digital Forensic."

Vasily Stepanenko believes that it is necessary, first of all, to achieve a guarantee of data protection, and not to increase liability for violators: "The introduction of criminal liability will increase the importance of the issue of personal data security in the eyes of the management of companies that process and store personal data. However, it is important to ensure real data protection, and not to increase the business's fear of punishment, paralyzing its work. Some information has already leaked onto the Internet, and information can be found on almost any subject of personal data. At the same time, it is extremely difficult to confidently say whether the leak is fresh or last year's. In order to conduct effective leak investigations, valid event logs are needed, and now the process of collecting and storing such logs is not clearly spelled out in regulatory documents. The exception is the financial sector, where the regulator is the Central Bank."

As Igor Ashmanov emphasized, data leaks have become a matter of national security for Russia, since attackers actively use them during attacks and they serve as starting capital for fraudsters. At the same time, he recalled that the volume of leaked data continues to grow rapidly: according to the results of the first quarter of 2024, 510 million records of personal data of Russian citizens were leaked, which is more than for the whole of 2023 (490 million).

Member of the Public Chamber of the Russian Federation, head of the Safe Internet League Ekaterina Mizulina stated that in Russia it is easier to obtain personal data of any citizen than anywhere else in the world. She drew attention to the fact that, because data about people is so easily accessible, it is used not only by fraudsters during mass attacks, but also in cyberbullying campaigns. The Safe Internet League identified several dozen such incidents by the end of 2023.