According to cyber-security experts, vast quantities of supposedly private data - including from Russian state institutions - are bought and sold every day.
One morning in January 2018, Roman Ryabov left his office in the southern Russian city of Tula for a cigarette. He worked for Beeline, one of the largest mobile phone operators in Russia.
He was approached by a man he had never met before, Andrei Bogodyuk, who immediately made a business proposal. He wanted Ryabov to access the phone records of someone he knew.
Later that day Ryabov emailed Bogodyuk a long list of telephone calls and dates, for which he was paid 1,000 roubles (£12, $16).
Ryabov also supplied his new acquaintance with data from two more mobile phone numbers. But by then Beeline had spotted the data breach and had contacted the police.
The two were tried and sentenced to community service: Bogodyuk was given 340 hours and Ryabov 320.
Booming illegal tradeFast-forward a year and this method of acquiring personal data in Russia is already old-fashioned.
These days, private detectives, scammers or just jealous husbands can search illegal forums online and order the services of a hacker to give them an almost limitless supply of personal data.
The market for purchasing personal data in Russia is growing. For a modest fee, you can gain access to mobile phone records, addresses, passport details and even bank security codes.
The illegal forums also have sections for accessing data from state organisations, including the Federal Tax Service.
"If the d ..