Personal data and its leakage. How to protect your data


A whole series of scandals has accompanied Russian services since the beginning of March: data leaks out and becomes public property. Tens of millions of orders in Yandex.Food, including people's personal data, then exactly the same problem in Delivery Club, as if the direct competitors were competing to see who could leak the most data. Later it turned out that, in addition to customer data, both services leaked the personal data of couriers, more than half a million people in each. In parallel, CDEK data leaked, as did data from the Gemotest laboratory, where personal data came mixed with test results, including for HIV. It seems that in Russia user data is stored very badly and no one bothers to protect it. In words this data is protected; in fact nobody cares about it at all.

I think this is one aspect of the attitude towards digital hygiene. People do not understand what their data means, how it can be used in life and why protecting it is important. Recall that the order and user data of Yandex.Food leaked at the beginning of March 2022, but it had the effect of an exploding bomb at the end of March, when someone put this data into a convenient interface where you could view orders on a map for a specific building in different cities, or search for a specific phone number and see all orders associated with it. The contents of the orders were not shown in that interface, although this data was in the original leak. Within the convenient interface you cannot see what exactly you ordered, whether you chose rolls or Russian cuisine. But in the original database, all of this is present.

I don't see the point of describing the Yandex leak again and how the company did nothing; we had a detailed text about it. What matters is that since then the company has done nothing to protect user data, apart from lengthy statements that the circle of people with access to such data is now limited. This is clearly not enough to make us feel safe.

Data leakage in the Yandex.Food service is a problem of personal data

Data leakage in the Yandex.Food service - what you ate, how much you spent, where you live. And all this in a convenient form on the map.

What is the danger of such data? This is a question that is often asked, and it may seem that there is nothing wrong with this data being available; after all, it can be found in other ways. To some extent this is true, but let's look at a simple example of how leaked data can make life difficult for ordinary people.


Petersburg, city center: the entrances, or more precisely the front doors, are locked with keys and intercom codes. Tourists rush to some houses to get inside and look at traces of their former greatness, whether a stove preserved from time immemorial or stained-glass windows.

In some places residents are tired of tourists and chase them away; in others, on the contrary, they proudly show off fragments of the past. There is a concierge in Eliseev's house, where the Romashka front door is located, and enterprising residents collect a hundred rubles per visit. But this is rather an exception; in most places there are no living people, only intercoms, and these are residential apartment buildings.

After the Yandex.Food leak, the work of the couriers who stash packets of banned substances in front doors has become much easier: door codes now easily reach strangers who looked them up in the Yandex leak. A huge world immediately opened up for them, and in various cities, Moscow, St. Petersburg and others. If these spaces used to be closed, they have now become a thoroughfare. The cameras hanging at the entrance do not yet solve the problem: they cannot identify residents or flag suspicious people who enter codes. Such capabilities will appear in a couple of years; we are rapidly moving towards this. But not yet.

I don't think any of you want to encounter drug addicts near your apartment door or see them in the entrance hall; they are not the best neighbors. Some time ago, an acquaintance of the district police officer spoke about observing Moscow houses in a prosperous area: people generously share the entrance code with couriers, and then it becomes known to hundreds of people and can be found on forums. When the district police officer asked residents to change the intercom code, people did not do it: it was too time consuming, it was not clear how it could be done and, most importantly, what for. There is no simple procedure, and many of us simply do not want to think about how one thing is related to the other. They complain about the same people stashing drugs, but do not want to do anything themselves to fix the situation. And this is just one side of the disregard for data.

A misunderstanding of digital hygiene shows in everything that we do. Do you understand how much data about you is collected by your smartphone and the various applications installed on it? I am sure that most people do not think about it, yet it is a very accurate portrait of you and a cast of your life.

Mobile-review.com: Is your smartphone informing on you? An alternative to iOS/Android in terms of privacy

What does the smartphone know about you and how does it inform on you; why Android/iOS collect data about you; what is the alternative to surveillance and is there one

It is almost impossible to leave no digital footprints in our world, if, of course, you want to enjoy all the benefits of civilization. For example, I heard a curious opinion that food delivery services, ordering a taxi through an app and other equally convenient things should be abandoned. Or that you should enter fake data there, which is possible in theory but creates more difficulties than it might seem at first glance. Creating a digital twin is expensive and tedious, as long as there is no interface for it. In theory, banks could issue virtual bank cards not tied to a person's name, but only in theory. Google Pay, Samsung Pay and Apple Pay partially try to solve this by hiding user data from the service and handing over only tokens by which a person cannot be identified. In theory it all sounds great; in practice, when you link a payment method, you do it under your name in another application, and all the security falls like confetti in a single moment. We ourselves do not think about the fact that it is possible and necessary to protect our data. No one taught us this, and life has not forced us to yet.

Unfortunately, you cannot assume that you can protect your data on your own and still use modern services. That is a utopia: you cannot become anonymous in the world of big data, especially since companies consider you a digital product that they can make money on.

But we are not at all defenseless in the face of companies, because there are laws that protect us. And while at the moment the maximum liability of a company for a leak of personal data is one hundred thousand rubles, the liability to each victim is formally not limited in any way: you can go to court on your own behalf. True, there are still few people who will do this, but it's a beginning. With each leak, the number of those who will want to punish the company that allowed it as a matter of principle, and earn some money at the same time (in Russia, it is quite possible to get up to 50 thousand rubles plus the costs of a lawyer), will grow. For comparison, the large-scale leak from Yandex.Food cost the company a fine of 60,000 rubles. That is, the state itself is pushing Yandex to sell our data; the fine is too small. In 2021, 1.3 million scans of customer passports were stolen from Oriflame, and the company was fined 30 thousand rubles. Inexpensive.

The Ministry of Digital Development proposed a bill under which the penalty for a leak of personal data can be up to 1% of the company's annual turnover, and up to 3% if the company did not notify Roskomnadzor within 24 hours. It sounds good, but such a law needs to actually appear, and the criteria for personal data need to be spelled out very clearly. So, at Yandex.Food, the leaked data of their customers is not considered personal (name, phone number, address, number of orders, money spent). Room for interpretation of what personal data is should be avoided.

Only increased pressure on companies can make them responsible for our data. And this will apply not only to private companies, but also to government agencies. In each case, there needs to be a punishment for those responsible for the leak, up to criminal liability, as operators apply when employees disclose subscriber data while trying to pass it to someone. Theft of subscriber data from operators has practically come to nothing; it is no longer possible to get data the way it was ten years ago or more.

Mobile-review.com Myths about databases with phones, call records and personal SMS

Do operators sell call and SMS data? Or do scammers pretend that they have such data about any person?

The conclusion that can be drawn is simple. Try to be reasonable about what data you provide to particular services. For example, you can leave out the intercom code and give only the apartment number; let the courier call and you will let him in. You can link online services to a second SIM card that is not connected to other services, such as banking. It always makes me infinitely happy when they call me on a phone number that is not listed in any bank and start telling me that my money is at risk. But there are almost no such calls to the number on which the accounts are really registered (phone numbers also leak from banks, and both spammers and plain scammers call; alas, this is a fact).

Count on the fact that any data you provide to a third-party service will become publicly available; do not think that it is protected. So proceed from the worst assumptions; we are left with nothing else today. Alas, this is how our world works.

It is impossible to create a digital twin: everything will still be tied to you, such protection is very expensive, and it can be easily destroyed. Therefore, just be reasonable with your data and do not provide anything superfluous. And in the event of a leak, try to contact lawyers so that they demand compensation on your behalf from the company that allowed it. Only punishment in rubles works in such cases; nothing else does.

You cannot protect your data in the services which you use, but you can do it on your device; read the text about it (in the list of links below). I think that the beginnings of digital hygiene and a reminder of basic things will not harm anyone.

