On October 3, 2011, several Russian citizens’ documents, including financial statements and passport numbers, were posted on the website rusleaks.com [ru].
Soon after the flood of documents was noticed, the Russian Prosecutor General and the Agency for the Supervision of Information Technologies (which goes by the abbreviated name Roskomnadzor) announced it was investigating how the personal data was leaked to the so-called “anti-corruption” site Rusleaks. Several Rusleaks domain names are currently inaccessible.
Leaked personal information
Russian news site Vedomosti writes that two of its staff found personal information in the leak [ru]:
Корреспондент «Ведомостей» нашел в базах Rusleaks данные своего старого паспорта и помесячные данные о зарплате за вторую половину 1990-х гг., а его коллега — номера двух старых паспортов и некоторые данные, удаленные из «В контакте».
A Vedomosti correspondent found in Rusleaks documents information about his old passport and monthly statements about his wages for the second half of the 1990s, and his colleague found two old passport numbers and some information that had been deleted from VKontakte [social network].
The Russian government has stated that the posting of such information violates online privacy laws. The Prosecutor's office has filed a lawsuit to the Moscow city court regarding the case (if won by the prosecutor, the website will be blocked for Russia-based users) and has demanded [ru] that Internet.BS Corp (registrar through which the rusleaks.com domain was delegated) stops its registration.
In only two known prior cases has the Russian government decided to use domain hijacking: for sites sochi.ru and torrents.ru, the largest Russian torrent portal, which was blocked in 2010 for violating article 146 of the Russian criminal code.
The agency also noted that some of the personal data, which spans the years 1999 to 2007 may have been forged [ru].
Who's to blame?
Well-known Russian blogger Anton Nosik, whose Citibank account information from 2003 was leaked, posted [ru] a screenshot of the pilfered information on his blog. Nosik intimated that the information must have been passed through various levels of the Russian government and ended up in the public domain.
Круг чиновников и силовиков, с которыми коммерческий банк в России обязан делиться всеми данными своих клиентов, невозможно установить. Зато теперь понятнее становится характер информации, сливаемой банками государству, и способ её хранения.
A poll [ru] posted by the site Habrakhabr shows that 67.55 percent of those polled agree that:
Опубликование подобных данных, скорее зло чем польза, даже в России
Many commenters distinguished between Rusleaks and whoever gave the information to Rusleaks. User CLR noted [ru] that the information “wasn't stolen but was bought off people who have access to it,” and stressed that it was necessary to punish those people and not simply the site that posted the information.
User Himari noted [ru]:
Проблема не в том, что существуют такие сайты, а в том что эти данные утекают. Вы как наше правительство, боритесь с последствиями, а не причинами. Тем более раз утекло, то уже всё — оно будет переодически всплывать.