The Biggest Personal Data Leaks of 2022
Posted: Sun Jan 19, 2025 4:21 am
Experts noted a decrease in the number of cases of disclosure of personal information in 2021, but this was a temporary phenomenon. Some experts note that already in 2022, over 300 million records leaked from domestic enterprises and organizations. In other words, the total number of such cases was greater than the population of our country.
If we analyze the available chinese student data package information about personal data leaks in Russia, we can conclude that all these cases have many common features. For clarity, we will systematize the known information about such incidents in a table:
Company Leaked data Leak volume Result
Delivery Club name, phone number, address details (e-mail, delivery location), what was ordered, cost, date and time of order, IP address 2.2 million orders There is no information about the culprits, the company has initiated an internal investigation
Geek Brains name, e-mail, phone number Over 200,000 clients There is no information about the perpetrators, no measures have been taken
Kari (retail) Full name, phone number, e-mail, date of birth, place of residence (town and region), bonus card details Over one million accounts There is no information about the perpetrators, no measures have been taken
Pikabu Login, e-mail, phone number Over one million accounts There is no information about the perpetrators, no measures have been taken
"Gemotest" Full name, passport details and date of birth, place of residence, telephone number, e-mail, test results 31 million data records, 554 million orders There is no information about the perpetrators; the company was fined 60,000 rubles.
"Metropolis" (Moscow shopping mall) phone, e-mail, name, number of bonuses, links to social network accounts Approximately 87,000 buyers There is no information about the perpetrators, no measures have been taken
Post office Tracking code of the shipment, full name (or company name) of the sender/recipient, phone number of the recipient, settlements of the sender/recipient, weight, status, date and time of dispatch Data on 10 million shipments There is no information about the perpetrators, no measures have been taken
RIA Novosti Full name, login, e-mail, links to social network accounts 665,600 accounts, 2.2 million orders There is no information about the perpetrators, no measures have been taken
Rostelecom Full name, e-mail, phone, IP address, date of registration and last activity Over 713,000 clients of the Smart Home system The culprits are unknown, the company was fined
SDEK User ID, phone number, full name, e-mail, postal address Over 1.5 billion lines of information (three leaks) The culprits are unknown
Tele2 Full name, phone number, e-mail Over seven million phone numbers The culprits are unknown, the company has initiated an internal investigation
Tutu.ru Last name, phone number, e-mail 2.6 million applications, 2.29 million phone numbers The culprits are unknown, no measures have been taken
Yandex.Food Last name, phone number, delivery address, order comments, order time About 50 million orders, 6.9 million phone numbers The culprits are unknown, the company was fined 60,000 rubles, and a criminal case was opened
Yandex.Practicum
name, surname, login, e-mail, phone number, Yandex ID Over 300,000 users The culprits are unknown, the company has initiated an internal investigation
Key findings on the leak of personal data in Russia
In the above cases of personal data leakage in 2022, those responsible for the incidents were not identified. Accordingly, they were not punished.
Companies that experienced a major leak of personal data openly took steps to "hush up" the incident. Only one case was reported to law enforcement. Internal investigations initiated by the guilty companies were not completed or their results were hidden from the public. Measures to prevent leaks of personal data in the future were not taken. This led to the fact that in a number of companies such incidents were repeated repeatedly.
The companies were not punished. A fine of 60 thousand rubles for leaking personal data during turnover transactions with six-figure sums seems imperceptible. At the same time, many people who suffered as a result of such incidents filed lawsuits in court to compensate for the damage incurred. The position of the applicants in these cases looks losing, since in order to compensate for the damages caused by the attackers, evidence of a direct cause-and-effect relationship between the fact of information leakage and fraudulent actions is needed. In practice, it is impossible to prove this, and the amount of compensation for moral damages is usually minimal.
How to achieve multiple growth in traffic and sales from your website?
Alexey Boyarkin
Dmitry Svistunov
Head of SEO and Development
Read more posts on my personal blog:
I have always been concerned about the issue of moving to a fundamentally new level. So that the indicators would grow not by 2 or 3 times, but by several orders of magnitude. From a thousand visits to ten thousand or from ten thousand to a hundred thousand, if we are talking about a website, for example.
And I know that such leaps are always the result of painstaking work in five areas:
Technical condition of the site.
SEO.
Collection of site semantics.
Creating useful content.
Working on conversion.
And at the same time, every manager needs an increase in sales and the number of applications from the site at the moment.
To get this growth, download our step-by-step template for increasing sales from the site:
Download template
If we analyze the available chinese student data package information about personal data leaks in Russia, we can conclude that all these cases have many common features. For clarity, we will systematize the known information about such incidents in a table:
Company Leaked data Leak volume Result
Delivery Club name, phone number, address details (e-mail, delivery location), what was ordered, cost, date and time of order, IP address 2.2 million orders There is no information about the culprits, the company has initiated an internal investigation
Geek Brains name, e-mail, phone number Over 200,000 clients There is no information about the perpetrators, no measures have been taken
Kari (retail) Full name, phone number, e-mail, date of birth, place of residence (town and region), bonus card details Over one million accounts There is no information about the perpetrators, no measures have been taken
Pikabu Login, e-mail, phone number Over one million accounts There is no information about the perpetrators, no measures have been taken
"Gemotest" Full name, passport details and date of birth, place of residence, telephone number, e-mail, test results 31 million data records, 554 million orders There is no information about the perpetrators; the company was fined 60,000 rubles.
"Metropolis" (Moscow shopping mall) phone, e-mail, name, number of bonuses, links to social network accounts Approximately 87,000 buyers There is no information about the perpetrators, no measures have been taken
Post office Tracking code of the shipment, full name (or company name) of the sender/recipient, phone number of the recipient, settlements of the sender/recipient, weight, status, date and time of dispatch Data on 10 million shipments There is no information about the perpetrators, no measures have been taken
RIA Novosti Full name, login, e-mail, links to social network accounts 665,600 accounts, 2.2 million orders There is no information about the perpetrators, no measures have been taken
Rostelecom Full name, e-mail, phone, IP address, date of registration and last activity Over 713,000 clients of the Smart Home system The culprits are unknown, the company was fined
SDEK User ID, phone number, full name, e-mail, postal address Over 1.5 billion lines of information (three leaks) The culprits are unknown
Tele2 Full name, phone number, e-mail Over seven million phone numbers The culprits are unknown, the company has initiated an internal investigation
Tutu.ru Last name, phone number, e-mail 2.6 million applications, 2.29 million phone numbers The culprits are unknown, no measures have been taken
Yandex.Food Last name, phone number, delivery address, order comments, order time About 50 million orders, 6.9 million phone numbers The culprits are unknown, the company was fined 60,000 rubles, and a criminal case was opened
Yandex.Practicum
name, surname, login, e-mail, phone number, Yandex ID Over 300,000 users The culprits are unknown, the company has initiated an internal investigation
Key findings on the leak of personal data in Russia
In the above cases of personal data leakage in 2022, those responsible for the incidents were not identified. Accordingly, they were not punished.
Companies that experienced a major leak of personal data openly took steps to "hush up" the incident. Only one case was reported to law enforcement. Internal investigations initiated by the guilty companies were not completed or their results were hidden from the public. Measures to prevent leaks of personal data in the future were not taken. This led to the fact that in a number of companies such incidents were repeated repeatedly.
The companies were not punished. A fine of 60 thousand rubles for leaking personal data during turnover transactions with six-figure sums seems imperceptible. At the same time, many people who suffered as a result of such incidents filed lawsuits in court to compensate for the damage incurred. The position of the applicants in these cases looks losing, since in order to compensate for the damages caused by the attackers, evidence of a direct cause-and-effect relationship between the fact of information leakage and fraudulent actions is needed. In practice, it is impossible to prove this, and the amount of compensation for moral damages is usually minimal.
How to achieve multiple growth in traffic and sales from your website?
Alexey Boyarkin
Dmitry Svistunov
Head of SEO and Development
Read more posts on my personal blog:
I have always been concerned about the issue of moving to a fundamentally new level. So that the indicators would grow not by 2 or 3 times, but by several orders of magnitude. From a thousand visits to ten thousand or from ten thousand to a hundred thousand, if we are talking about a website, for example.
And I know that such leaps are always the result of painstaking work in five areas:
Technical condition of the site.
SEO.
Collection of site semantics.
Creating useful content.
Working on conversion.
And at the same time, every manager needs an increase in sales and the number of applications from the site at the moment.
To get this growth, download our step-by-step template for increasing sales from the site:
Download template