Moscow, Russia - July 31, 2018: Tourists walk on the red square on a summer day. View of the square and the Kremlin's Spassky Tower (Moscow, Russia - July 31, 2018: Tourists walk on the red square on a summer day. View of the square and the Kremlin's
Zayne C., Getty Images
Multiple Russian government sites have leaked the personal and passport information of over 2.25 million citizens, government employees, and high-ranking politicians.
Ivan Begtin, co-founder of Informational Culture, a Russian NGO, has discovered and documented the leaks.
In a three-part blog post series, Begtin said he investigated government online certification centers, 50 government portals, and an e-bidding platform used by government agencies.
He said he found 23 sites leaking individual insurance account number (SNILS; Russia's equivalent for a Social Security number) and 14 sites leaking passport information.
In total, the data of more than 2.25 million Russian citizens was available online, available for anyone to download, Begtin said.
Other data leaked from these sites included full names, job title and place of work, emails, and tax identification numbers.
While some leaks were harder to identify and required Begtin to extract metadata from digital signature files, some data could be found using a Google search for open web directories on government sites.
Russian government notified eight months ago
In a Facebook post today, the researcher said he contacted Roskomnadzor, Russia's government agency in charge of data privacy, eight months ago.
Begtin told ZDNet that he notified the government watchdog several times, but the agency did not come through to secure the leaky government sites, but in fact claimed the data was legal to disclose.