Ivan Begtin, a co-founder of the Russian non-governmental organization Informational Culture, found that many government websites in Russia leaked citizen information. Begtin said in a blog post that he surveyed a government online certification center, 50 government portals, and an e-tendering platform used by government agencies. He found that 23 of these sites leaked SNILS personal insurance numbers, and 14 leaked passport information.
According to Begtin, data on more than 2.25 million Russian citizens can be found online and downloaded by anyone. The data leaked from these sites also includes full names, positions, work locations, emails, and tax identification numbers. Some of the data is harder to identify: in some cases metadata has to be extracted from digital signature files, while other data can be found using a Google search for open web directories on government sites.
The researcher said that he contacted Roskomnadzor, the Russian government agency responsible for data privacy, eight months ago, but the agency did not respond. Begtin shared his findings with the Russian news site RBC, which subsequently published an in-depth article on the disclosure. The leaked information also included passports and personal information of several senior Russian government officials, including Russian Duma Vice President Alexander Zhukov, former Deputy Prime Minister Arkady Dvorkovich and former Deputy Prime Minister Anatoly Chubais.
The researchers believe that the leaks were caused by the government's inconsistent document management operations, unprofessional IT staff, and a lack of internal monitoring solutions.