Multiple Russian government sites leak passport and personal data of over 2.25 million citizens

• Begtin uncovered almost 23 Russian government sites that leak SNILS numbers and almost 14 sites that leak passport details.
• The leaked passport and personal details also belonged to several high-profile Russian government officials including the deputy chairman of the Russian Duma (Parliament) Alexander Zhukov, former deputy prime minister Arkady Dvorkovich, and former deputy prime minister Anatoly Chubais.

Ivan Begtin, the co-founder of Russian NGO Informational Culture, discovered that multiple Russian government websites are leaking the personal and passport data of over 2.25 million citizens, including those belonging to government officials and high profile politicians.

More details on the data leak

• Begtin uncovered almost 23 Russian government sites that leaked SNILS numbers and another 14 sites that leaked passport details.
• These sites also exposed other personal information such as names, email addresses, designation, place of work, and tax identification numbers.

Begtin noted that certain data leaks were harder to identify and required extraction of metadata from digital signature files, while some were easily identified using a Google search for open web directories on government sites.

Investigation and notification

Begtin conducted extensive research by investigating government online certification centers, an e-bidding platform used by government agencies, and almost 50 government portals. He then posted a three-part blog series about the data leak.

He also notified Roskomnadzor, the Russian government agency in charge of data privacy, almost 8 months ago about the breach. He attempted to contact the government authorities several times but failed to get a response from them.

Later, Begtin shared his findings with Russian news site RBC, which published an in-depth article.

RBC conducted an investigation and found out that the passport and personal details also belonged to several high-profile Russian government officials including the deputy chairman of the Russian Duma (Parliament) Alexander Zhukov, former deputy prime minister Arkady Dvorkovich, and former deputy prime minister Anatoly Chubais.