companies began to hide leaks of personal data of clients more often – Kommersant

Over the past year, 155 reports of data leaks from users of Russian companies were recorded – 8% less than in 2022. This follows from calculations by the Kaspersky Digital Footprint Intelligence service, which are given by “Vedomosti”. At the same time, the number of disclosed rows with user data for the year increased by 24%, to 342 million.

The number of published posts with user passwords increased by 17.5%. According to experts interviewed by Vedomosti, medical institutions, the financial sector and government agencies most often suffered from personal data theft in 2023.

Deputy Director of the NTI Competence Center “Trusted Interaction Technologies” based on TUSUR, Ruslan Permyakov, believes that there are fewer announcements about leaks, since some of them are still hidden. Despite the law requiring the operator to report leaks, there is no effective control and punishment mechanism yet. Konstantin Melnikov, head of the ETHIC digital threat analytics and assessment service at Softline Group, claims that attackers often try to establish contact with the victim in order to receive a ransom directly, without publishing information about the leak.

Now companies are fined 100–300 thousand rubles for leaking personal data. In January, the State Duma adopted in the first reading the law on turnover fines for leaks. According to the amendments, the fine will range from 3 million to 15 million rubles. depending on the size of the database leaked into the network. For repeated leaks, companies may be assessed a turnover fine of 0.1% to 3% of revenue for a calendar year or for part of the current year, ranging from 15 million to 500 million rubles.

More details in the material “Compensation is selected based on data”.

Anastasia Larina