ZDNet reported today that multiple Russian government sites have leaked the personal and passport information of over 2.25 million citizens, government employees, and high-ranking politicians. Ivan Begtin, co-founder of Informational Culture, a Russian NGO, has discovered and documented the leaks.
Paul Norris, Senior Systems Engineer, EMEA at Tripwire:
“The fact that the personal identifiable information that was leaked in this incident belongs to government officials makes the response of their organisations and of the people involved even more crucial. There is obvious value in obtaining passport information, job titles, email addresses, place of work and tax identification numbers of government workers but these are also a goldmine for malicious actors intending to plan further attacks.
It is paramount that the involved parties take all the necessary steps to mitigate the consequences of this incident, which include changing all their passwords, requesting a new passport and looking out for potential BEC and spear phishing emails that may come through their inbox.
Instances such as this data leak should serve as a reminder that all organisations should take security weaknesses warnings very seriously and should continuously monitor their entire network and infrastructure for potential vulnerabilities, especially when their servers contain such sensitive data.”