A Moscow office of Russia’s Pension Fund leaked the personal data of more than 17,000 people to companies registered in that Pension Fund office’s local district, according to a post on the IT blog Geektimes.
A Web designer named Sergey Deryabin says he recently received a mass email from the Pension Fund’s local office asking him to identify all his insured employees with undocumented work experience. The Pension Fund office supplied Deryabin and presumably all the other businesses in the area with a list of 17,752 people’s personal information, including birth dates, registered home addresses, and even their personal insurance policy numbers.
Deryabin says he’s appealed to the city’s district attorney to complain about the data leak.
According to Russia’s laws on personal data, illegally sharing other people’s private information can result in civil, criminal, administrative, or disciplinary penalties.