The court fined the structure of Roskomnadzor for data leakage – Kommersant

The “Main Radio Frequency Center” (GRC) subordinated to Roskomnadzor was fined for leaking a database of employees, follows from a message in the file cabinet of the Judicial Section of the Justice of the Peace No. 456. Information about the decision “on the imposition of an administrative penalty” appeared in the file cabinet on May 2, the text of the decision has not yet been published.

In November last year, the Belarusian hackers “Cyberpartisans” attacked the GRFC, as they announced in their Telegram channel. The hackers said they hacked into the victim’s internal network, uploaded documents, as well as internal correspondence of employees. In addition, the hackers claimed they were able to encrypt employee workstations and damage the organization’s infrastructure. In the very center of “b” then reportedthat “criminals did not gain access to either classified information or critical infrastructure.” However, in February, materials of the department, distributed by the media, recognized as foreign agents in Russia, appeared in open access.

Judging by the case file, the Center was fined for processing personal data without consent or in violation of the requirements for the content of consent to the processing of personal data (part 3 of article 13.11 of the Code of Administrative Offenses of the Russian Federation), DestraLegal explains. Most likely, violations were revealed during the verification of the fact of the leak, the punishment for legal entities for such violations ranges from 30 to 150 thousand rubles.

“The previous practice of such disputes shows that the fine does not exceed 60 thousand for large leaks like Yandex Food, and we believe that in this case it will also not exceed such an amount,” DestraLegal experts predict.

Turnover fines developed by the Ministry of Finance since last year for leaks of personal data for legal entities have not yet been submitted to the State Duma for consideration.

Tatyana Isakova