Hackers claim breach of Russia’s real estate registry, leak alleged database fragment

The hacker group Silent Crow claims to have breached Russia’s Federal Service for State Registration, Cadastre, and Cartography (Rosreestr) and has published what it says is a fragment of the agency’s database.

The Telegram channel Information Leaks, one of the first to report the hack, stated that the leaked portion contains nearly 82,000 records with personal details, including names, birth dates, addresses, phone numbers, emails, SNILS numbers (similar to Social Security numbers), and Rosreestr IDs of Russian citizens.

An anonymous Telegram channel called Silent Crow, created in late December, posted about the breach on January 6. The group claims the published fragment includes around 90,000 entries from Russia’s Unified State Register of Real Estate. “Rosreestr has become a vivid example of how large state structures can fall in just a few days. As a result, their data, supposedly well-protected, has joined our collection,” the post said.

Journalist Andrey Zakharov pointed out that it remains unclear which specific data was leaked, as the fragment does not include cadastral numbers that could link properties to their owners. He speculated that the hackers may have deliberately omitted these details.

Agenstvo checked 15 randomly selected entries and confirmed that the individuals listed in them were real. For some, the property addresses in the leaked fragment matched their residential addresses.

Rosreestr has not confirmed the breach, stating only that “additional checks” are underway regarding the claims circulating on Telegram.

Rosreestr has frequently been used by journalists and independent investigators to uncover information about properties owned by officials — often purchased at prices far exceeding their declared incomes. Many investigations by the late Alexey Navalny’s Anti-Corruption Foundation (FBK) and his team have relied on Rosreestr data. Following some of these investigations, the names of officials and their relatives were hidden or removed from the registry. In March 2023, Rosreestr restricted access to information about property owners in accordance with a personal data law adopted in July 2022. Now, information about an owner can only be obtained with their consent.