In the first half of 2024, data from 150 Russian companies leaked onto the Internet for the first time, compared with 119 in the same period last year, Kommersant writes, citing statistics from F.A.C.C.T. (formerly Group-IB). The victims of these incidents are often not the companies but their clients. The situation may improve with the introduction of turnover fines for leaks, but the corresponding law has not yet been adopted.
Statistics on leaks of personal data belonging to clients of Russian organizations are provided in a study by F.A.C.C.T.: in the first half of 2024, 150 companies had such leaks for the first time, compared with 119 in the same period last year. The published databases contained a total of 200.5 million lines of data, against 397 million for the whole of last year. The databases are current as of 2024, and the data most often leaked includes full names of citizens, residential addresses, dates of birth, passport details, phone numbers, and passwords. About 30% of the leaks were from databases of companies engaged in retail trade. Information was also stolen from IT companies and from insurance, energy, tourism, transport, educational, industrial, and medical organizations. “At the beginning of 2024, those databases that could only be transmitted within a narrow circle of intruders became publicly available for the first time,” F.A.C.C.T. noted.
Roskomnadzor received notifications of data leaks from only 93 companies in the first half of the year, the agency reported. Industrial and IT companies, as well as government agencies, suffered most from leaks during this period, Positive Technologies said. The alarming statistics indicate that more and more companies are digitalizing their services and entering e-commerce markets while the frequency of cyberattacks is not decreasing and the level of cybersecurity in companies is not increasing, according to DLBI. Leaks of personal data threaten consumers by helping fraudsters carry out social engineering attacks, Swordfish added.
For companies, the risks are minimal for now. The situation may change if a law is passed that provides for turnover fines for customer data leaks — it passed its first reading in the State Duma at the beginning of the year. The document provides for amendments to the Code of Administrative Offenses: fines for legal entities will amount to 0.1% to 3% of revenue for the calendar year, but no more than 500 million rubles. The IT industry proposed softening the terms of the bill for the second reading, but the presidential administration did not approve the corresponding proposal submitted by the Ministry of Digital Development. At the end of 2023, a bill was also submitted to the State Duma that provides for criminal liability for theft and sale of data. The Big Data Association, which includes Yandex, Sber, trading platforms and banks, agrees that customer data is the main value for large businesses, and, according to them, additional measures are being taken to protect it. The organization’s members are ready to accept a “reasonable increase in administrative responsibility” taking into account mitigating circumstances and a clear definition of the elements of the offense.