Personal data from government services leaked to the public

Personal data privacy issuetransferred to the disposal of the portal of public services more than once caused concern among Russians. Recent events have shown the validity of citizen anxiety. As a result of an error in the software of one of the regional servers, the personal data of the clients of the State Services were in the public domain for some time.

The leak was discovered by the founder of DeviceLock. Confidential information about user data of the State Services portal was available at one of the hacker forums. In total, data on over 28 thousand Russians, presumably from the Khanty-Mansi Autonomous Area, became available on the network.

In the public domain were names, datesbirth, personal account insurance number (SNILS), tax identification numbers (TIN), phone numbers, email addresses, and information about children.

According to specialists, the data was receivedfrom the open index of the Elasticsearch server, left in the public domain due to a configuration error. The leak dates back to December 3rd. Currently, the vulnerability of confidential data has been eliminated, and a verification has been launched on the fact of a leak.

Source: Kommersant