The Magistrate’s Court in St. Petersburg held PJSC Rostelecom administratively liable for violating the law on personal data. The court imposed a fine of 60,000 rubles. According to the case file, in June 2022, the company provided illegal access to information systems, resulting in the distribution of personal customer and employee data to an unlimited circle of people on a Telegram channel and website. The defender of the PJSC asked to dismiss the case due to the lack of composition, but did not dispute the fact of data leakage.
It was about the databases put up for sale that matched the information from the Smart Home service (rt.ru/smarthome). In June of last year, attackers published six text files containing a total of 712,999 lines, including full name, email address, phone number, hashed (bcrypt) password, IP address, date of registration and last activity.
In response, the company conducted an internal audit and assured that they had taken all necessary measures to protect the interests of customers. However, Roskomnadzor issued a protocol against the company under Part 1 of Art. 13.11 of the Code of Administrative Offenses of the Russian Federation for the processing of personal data in violation of the law, which led to the leakage of customer data.
Last summer, the company also “leaked” the table of internal accounts. The dump included 109,300 lines, containing full name, email addresses in the rt.tu domain and subdomains, position data, phone numbers (work and mobile), login and domain, record creation date (from 19.01.2021 to 15.12.2021), signs of a dismissed and active employee.
