the Passport data of the violators of self-isolation in Moscow was in an open access Network. They can be found on the websites of the payment of fines by the unique identifier of the accrual (UIN).
the fact of the availability of data confirmed by the company in the field of cyber security, writes “Kommersant”. We are talking about a surname, name and patronymic and other passport data of the offender isolation. It is noted that as of may 10, in the capital there were about 35 thousand in fines.
Experts on cyber security, explained that to protect against data leakage, the system should block repeated attempts to enter the UIN. In addition, the information of citizens should be kept in a partially anonymised. However, the sites for the payment of fines do not have protection against such acts. To access information by entering the UIN manually is not easy, as it is a laborious process, however the task can greatly simplify simple software that will do this job automated.
the head of the Commission on legal empowerment of the digital economy of the Moscow branch of Association of lawyers of Russia Alexander Zhuravlev said that the opportunity to obtain the passport details of the citizens on the win breaks the law “On personal data”. According to him, the victims can Lodge a complaint with Roskomnadzor to check the leak. If data owners are recognized as victims, then the Supervisory authority may issue a fine of 75 thousand rubles. However, the amount will not go to the pockets of citizens, and the budget.
In the Department of information technology of Moscow said that the win in the decision to fine shall be known only to the offender isolation. Therefore, the Department advised not to upload pictures of resolution with UIN to the Network.
Earlier, the expert said, what do the citizens whose personal data were leaked to the public.
see also: the Expert explained how to properly “retire” from the Network