Massive data breach exposes Russian officials’ passport details

Government officials are among hundreds of thousands of Russian citizens to have had their passport information published on the internet, following a huge data leak.

According to the RBC news website, around 360,000 people had their passport data posted across at least eight government webpages.

Assessment conducted by data protection specialist, Ivan Begtin, found that 2.2 million passport records acquired from online marketing forums had been placed in the public domain. Mr Begtin disclosed his findings in April.

Deputy chairman of the State Duma, Alexander Zhukov and former deputy prime minister, Arkady Dvorkovich are among the government figures to be caught up in the incident, according to the most recent readings. Former reformist deputy prime minister, Anatoly Chubais – the current head of government-owned tech agency, Rusnano, is also believed to have had his documentation compromised.

According to RBC, Mr Begtin said:

“The reason [for the leak] is the officials’ reluctance to do anything, although they are aware of the … lack of professionalism in the development of IT systems,”

Included in Begtin’s orginal analysis were 300,000 entries leaked on the Federal Treasury website. The body told RBC of its intention to “take measures to prevent this from happening again, if necessary.”

Writing on Facebook, Begtin said that news of his discovery was passed on to RBC eight months after government agencies and Russia’s communications regulator had been informed.

People in Russia who are found guilty of a data breach that leads to personal information being posted illegally online can be fined up to 75,000 rubles (£906).

Towards the end of 2018, the mobile phone numbers and residential address of a senior Russian government official, a famous film director, and a high-profile entrepreneur’s relative were posted on an international database, after a major data breach.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.