VK hit with ‘exorbitant’ $780 fine after data breach compromised 3.5M users’ personal records

Source: Meduza

In Moscow, a justice of the peace has imposed a penalty on VK, a Russian social media company found guilty of compromising 3.5 million user records containing personal information.

The corporation must pay 60,000 rubles ($780), the absolute minimum prescribed by the Russian Administrative Code as a fine for corporations that violate privacy laws.

Last January, it emerged that 3.5 million VK user records containing personal data were openly available on the Web as a result of a breach. The records were associated with Mail.ru, Bk.ru, and Inbox.ru email addresses and also contained the users’ full names and phone numbers. VK minimized the incident at the time, claiming that users had nothing to worry about.

A report on VK’s internal investigation says that an “external culprit” had accessed the company’s user data by penetrating its “test IT infrastructure” in April 2022.