20M Russians' Personal Tax Records Exposed in Data Leak
An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016.
A database holding more than 20 million Russian tax records was found unprotected, leaving personal tax data accessible to anyone with a web browser, researchers reported this week.
The AWS Elasticsearch cluster contained data on Russian citizens spanning 2009 to 2016, according to Comparitech, which partnered with security researcher Bob Diachenko to investigate the leak. No password or any authentication was needed to access the cluster, which has now been taken offline. Researchers cannot confirm whether data was taken.
Multiple databases were stored in the cluster. Some held random and publicly sourced data; two held tax data and personally identifiable information about Russian citizens, most of them from Moscow and the surrounding area. One database had more than 14 million personal and tax records from 2010 to 2016; another had more than 6 million records from 2009 to 2015.
The records held information including full name, address, residency status, passport number, phone number, tax ID number, employer name and phone number, and tax amount. None of the data was encrypted, researchers report, and it was left exposed for more than a year.
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How the City of Angels Is Tackling Cyber Devilry."
About the Author
You May Also Like
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024