Data leakage can be put on rails



Your data is our wealth


A person generally doesn’t have much personal data, even taking into account biometrics. But the channels through which they can spread and, in a negative scenario, flow away are a dime a dozen. In the context of digitalization of not only the economy, but also the social sphere, the issue of protecting citizens’ personal data is especially acute.



It is no coincidence that even President Putin had to speak out about this not so long ago, emphasizing that “we are all talking, and not only talking, but taking energetic steps to digitalize our economy, social sphere and life in general. In this regard, of course, the issue of personal data protection is especially relevant.”

Thus, at a meeting with the head of Roskomnadzor Andrei Lipov, the head of state asked his interlocutor to begin his report with this topic. At the end of 2023, Russian President Vladimir Putin signed a law significantly increasing fines to protect the personal data of citizens collected by organizations.

The document concerns the collection of biometrics and other personal information from citizens. Thus, violations when working with biometric data will entail the imposition of an administrative fine on officials in the amount of 100 thousand to 300 thousand rubles, on legal entities - from 500 thousand to 1 million rubles.

Penalties for processing them without the written consent of citizens have also been tightened (Article 13.11 of the Administrative Code). Fines will be levied: for citizens - from 10 thousand to 15 thousand rubles, for officials - from 100 thousand to 300 thousand rubles, for legal entities - from 300 thousand to 700 thousand rubles. If the violation is committed repeatedly: for citizens - 30 thousand rubles, for officials - 500 thousand rubles, for companies - up to 1.5 million rubles.

"Iron" bonus


But, apparently, these amounts do not scare everyone. For example, the staff of the Federal Passenger Company (JSC FPC), currently a subsidiary of Russian Railways OJSC, engaged in long-distance passenger transportation, recently received information about another innovation in the well-promoted Russian Railways Bonus loyalty program (hereinafter referred to as the program).


JSC FPC began preparing open competitive procedures for selecting a platform that provides verification services for documents, selfies and certificates provided by participants in this program. The editors have at their disposal a form letter to potential executors of this order. This is what is required from the verification platform:

1. Scanning and document recognition with translation into text format.
2. Using a document authentication service (SNILS, Russian passport, etc.).
3. Scanning for digital interference in the submitted document.
4. Verification of selfie pictures for a match between the photo in the document and the face in the photo itself.
5. Recognition of student cards and certificates of study.


The platform on which it is planned to verify and recognize personal data and perform face matching can be provided in the form of a cloud service to which the data is sent, possibly, note, by the citizens themselves. And on this platform, these operations can be performed by people who work outside the generally closed circuit of Russian Railways.

That is, instead of Russian Railways employees, this work will be done by people on the platform. It turns out that, let’s say, anyone from the outside is allowed to access the unique database, as long as he has access to the platform, although so far there is not even a clear technical specification for this.

It’s interesting that in practice, such crowdsourcing platforms already exist and work well – examples include recognition services with verifiers in the cloud from Beorg and Dbrain. Apparently, a large customer is simply looking for the cheapest way to carry out such verification.

Let’s make a reservation right away: it’s probably still too early to talk about malicious intent or sabotage. But at least the issue of negligence can already be raised. The fact is that participants in this platform will be almost all categories of citizens: families, pensioners, public sector employees and students. What is the demand for all of them? We are talking about millions of citizens.

In addition to civilians, the Russian Railways bonus program list will include SVO participants and members of their families. Their data is of particular value in the current situation, as it can be used for fraud, threats and even terrorist activities by TsIPSO and other interested services of unfriendly countries.

Need I explain that any data transfer carries the risk of information leakage? First Deputy Chairman of the Duma Defense Committee Alexey Zhuravlev is convinced:

“So, at one time, the Ukrainian authorities were happy to report that they managed to obtain up to 100 terabytes of information, so now it will be much easier to identify those who in new regions advocate unity with Russia. The protection of this information, of course, needs to be given more time and attention, and penalties for violations in this area must be toughened, which, in fact, is what we are doing.”


Tell me who are you?


It is unlikely that anyone today will be able to confidently say what really stands behind the desire of the Russian Railways subsidiary to develop a bonus program - self-interest, negligence or sabotage?

For the sake of completeness of information, all that remains is to provide official data about the company, which is ready today to offer the general public such a digital freedom, and not the notorious concentration camp.

So, in 2006, as part of the implementation of the Structural Reform Program in Railway Transport, approved by Decree of the Government of the Russian Federation of May 18, 2001 No. 384, a specialized branch of JSC Russian Railways was created for the organization and management of long-distance passenger rail transportation - the Federal Passenger Directorate.

In December 2009, on the basis of the property of the Federal Passenger Directorate, a branch of JSC Russian Railways, an open joint-stock company, Federal Passenger Company, was established. A specialized property complex was added to the authorized capital of JSC FPC, and personnel providing long-distance passenger rail transportation were also transferred.

On April 1, 2010, JSC FPC began independent activities as a carrier. The company is a subject of a natural monopoly: by order of the Federal Tariff Service of Russia dated May 27, 2010 No. 190-JSC FPC was included in the register of subjects of natural monopolies in transport in the provision of railway transportation services.

Finally, direct quotes from the company data:

“The activities of JSC FPC in the market of transport services for the carriage of passengers are subject to state regulation in accordance with Federal Law dated August 17, 1995 No. 147-FZ (as amended on December 30, 2012) “On Natural Monopolies.”

On November 20, 2014, MIFNS of Russia No. 46 for Moscow issued documents on state registration of changing the name of the open joint-stock company “Federal Passenger Company” (JSC FPK) to the joint-stock company “Federal Passenger Company” (JSC FPK).”
47 comments
  1. +5
    April 19 2024 05:40
    Unfortunately, our data is a product that sells well, I don’t know who is fining whom, but fines make me feel neither warm nor cold when my data goes all over the network...
    1. 0
      April 19 2024 07:21
      "Oh- Hello brave new world!" In the future, I think all citizens will walk around with electronic chips and the authorities will simply begin to identify and turn off dissatisfied people and protesters. They will introduce a loyalty point system, this is why digitalization was conceived by the world government! Your every step will be under control!
  2. +3
    April 19 2024 05:49
    The channels through which they can spread and, in a negative scenario, flow away are a dime a dozen.
    And when there is a demand for obtaining data, then of course there will be offers and no fines will block these offers. Unfortunately, today saving personal data (and not only) is a big problem, and tomorrow, apparently, it will be completely impossible. All that remains is to get used to objective reality and take it for granted.
  3. +4
    April 19 2024 06:30
    Talking rooms and fines... Digitalization is not inevitable, but I don’t see bright prospects for an individual person... Watching the global testing ground (PRC) - the prospects are so-so. And the data will be leaked as long as there is demand, but this issue will be resolved quickly and I think not with fines.
  4. +10
    April 19 2024 07:33
    Data leak... Yes, everything has been leaked for a long time already. Wherever you go to any office, permission to process personal data is mandatory. Without it, there is no way. No certificate, no document, nothing. And then we wonder where the scammers come from. Everyone is trading our data, whoever is too lazy. Police, administration, telephone companies, etc...
    1. +10
      April 19 2024 11:27
      Yes, data is shared literally instantly. Online database updates, etc.
      An example: at work we were given new corporate SIM cards. Operator - megaphone.
      They gave it out in the morning, I plug it into my phone, a couple of hours later it rings, I pick up the phone - and there is a robot offering me an apartment. I.e., a completely new number is already in the mailing list. This means the megaphone leaked the data online.
      Registered as an individual entrepreneur. I submitted the documents to the tax office, went out, 2 hours later the first call.
      Good afternoon, Alfabank is bothering you about opening an account for an individual entrepreneur... And during that day 6 banks called me!! with the same question. This means that the State Tax Inspectorate leaked the data online.
      My grandmother (86 years old!) had her apartment raided several years ago. So now, regularly once a year, she receives a call either from the police or from the prosecutor’s office with a message that the thieves have been found, and right now they are ready to transfer her compensation for the stolen goods, but she must confirm her identity in order to transfer money to her and provide the employee with all her personal data, including card details and PIN code. This means that the Ministry of Internal Affairs leaked data about open criminal cases.
      Etc. etc.
      No amount of fines will save you from this; this is a side effect of “digitalization.” We must learn to live with it.
      Moreover, the funny thing is that these fines will be imposed on those who work in the dark and do not violate anything, while those who leak data illegally, as a rule, remain on the sidelines.
      It's about the same as with a short barrel. A law-abiding citizen has no right to have it, but a criminal has it and doesn’t care about the law.

      Well, there’s one more important point that needs to be realized.
      "If you don't pay for a product, then you are the product"
      That's exactly how all this "subscribe and get free" stuff works.
      1. +4
        April 19 2024 11:37
        You don’t have to live with this, it’s just that the whole country, as best it can, should demand that paper documents be issued in the old fashioned way and nothing should ever be processed without them. Otherwise, everyone will end up with leaked digital signatures and loss of property rights. Our management Martians will not do this; they will say that they have not fit into the market and the population simply has poor digital literacy, and the population itself is dark and dense.
        1. +3
          April 19 2024 11:52
          Mikhail, 9 times out of 10 I agree with you, you write excellent articles, but not in this situation. The same public services are an incredibly convenient system. Mos.ru - similar. After all, we are in 2024, not 1984.
          The issue is data protection. The question is to increase the literacy of the population (it seems that they are now starting to teach this in schools), in the same MFCs it is possible to put a ban on transactions with property without personal presence (I did this, for example), now a law on self-ban on loans, etc. is coming out.
          We must learn to adapt to modern times, and not roll back into the 20th century.
          So we can say that 15-20 thousand people die on the roads every year, let’s put everyone back on the carts..
          1. +5
            April 19 2024 12:01
            Thank you for rating the work. I try to, as they say, comply.
            Yes, the platform is convenient, but... I once had a phone that was little used. I decided to connect it and set it up as a phone number in the public service center. As a result, for two days, spam started pouring in. While I was just on the phone, there was no spam. As a result, I now have it simply turned off for several days. I rarely turn it on. This is no longer an option. But it’s not even these stories with SIM cards that worry us, but the real schizophrenia of people like Gref. These are banal people, because their numbers are an ideology, almost religious. How to remove this idiot from the top is, of course, a matter of questions.
          2. +7
            April 19 2024 13:20
            Quote: Mishka78
            You can put a ban on transactions with property without personal presence (I did this, for example), now a law on self-ban on loans, etc. is coming out.

            In my opinion, this should be made the “default” option, and if a person wants to manage things remotely, then let him go to the MFC. Not every pensioner will go to register something there, but they are the main source of food for scammers.
        2. 0
          April 19 2024 13:10
          That's just +1
          ............
        3. 0
          April 25 2024 12:30
          You don’t have to live with this, it’s just that the whole country, as best it can, should demand that paper documents be issued in the old fashioned way and nothing should ever be processed without them. funny..
          Citizens are now coming to us who in 1993-94 wrote certificates of ownership with the wrong full name - whatever their name was on the collective farm / on the street - that’s what they wrote down.
          And it only dawned on people 30 years later that this was wrong: “And I thought that if it says what my name was on the street, then it’s correct!!”
          And in the passport it’s not Vasily Petrovich, as in the certificate, but Dmitry Nikanorovich.
          Now it’s less, but in 2010-2020 there was a boom.
          And this bullshit is all over the country...

          And you - “Give me paper! Yes, such paper - so that all papers have paper!! Final paper!” (C)
          It's funny, by God
  5. +1
    April 19 2024 07:41
    What concern for citizens. So that there is no leakage of PD. The “black list” of the phone is many times larger than the “white list”. And who should you file a claim against? Who leaked it?
  6. +1
    April 19 2024 09:34
    I must admit that in the territory of the former USSR, anti-virus and anti-hacking protection have long been a very weak link among IT technologies. Add the enormous level of illiteracy among users themselves in matters of protecting their own data. And like a cherry - the excessive pride and narcissism of those who cannot live a day without posting at least something on social networks.
  7. +1
    April 19 2024 09:38
    The main problem that is not mentioned in the article is data collection = data leakage = crime..
    I wonder when our authorities will realize that the manufacture and sale of military weapons (which can be and are used to commit crimes) and data leakage are events of the same order and the punishment for this should be the same. Not fines, but imprisonments. Those who are engaged in data theft are “white collar”, and if they know that for simple leaking/theft of data they will face a specific sentence with subsequent bans (oh, imagine a ban on working with computers) then this will stop them.
    1. +1
      April 19 2024 10:41
      Non-fighter
      You write everything correctly. But here we can only prohibit work in structures where there is a security service (state, financial organizations). It is impossible to prohibit working with computers in the current computerized world)) Everyone has a computer in their pocket, or even more than one))
      If we are talking about a digital concentration camp, then it is possible, following the example of blacklists of fraudsters in banks, to create a state database of admissions to professions and prohibitions on certain professions, and oblige employers to check all hired employees and submit data on them, and even to the same Rosfinmonitoring
  8. +2
    April 19 2024 10:37
    Ridiculous fines for “ordinary” citizens. But through these modest people in mobile operators and banks, data is mainly leaked. And there are also all sorts of “breakthroughs”. We don't need fines here, we need to put people in prison.
    And all kinds of “experts” from digitalization, which is so fashionable now, need to be thought about so that at last, the minimum number of people have access to personal data. For example, so that system administrators cannot directly view and copy records in the database. Or the same cell phones and bankers saw the data to a minimum. For example, a person’s passport is scanned and checked against his data by the system, rather than with the person’s eyes. And now they can go in and look at any data.
    Well, server hacking and database leaks also need to be excluded. Difficult? Yes? Can it be protected? I think it is quite possible to make life as difficult as possible for data thieves.
    And no cloud processing of personal data!
    Well, and of course, identifying fraudulent servers and attacks on them - from DDoS attacks to missile attacks on data centers. Beat the bastards mercilessly!
    1. 0
      April 19 2024 11:12
      Digital evangelist German Oskarovich Gref will answer your question in the negative. As a result, everyone will become diligent students in the digital Sber class and will receive digital grades, according to the digital rating. Then there will be a mandatory digital church, and the digitized results of your digital confession will be available for purchase on the database market.
      1. 0
        April 19 2024 14:56
        Well, right now, as I understand it, he is more of an evangelist for his Sberbank. He's already screwed up with Sbergile and turquoise offices.
        The digital church is already there, but not mandatory yet, thank God
        But, as you know, any prison has its own internal criminal groups, and here they don’t go away either. German Ibn Oskarovich will answer negatively until the insolent byte-dits steal something from him himself
        1. 0
          April 19 2024 18:16
          In this case, at our expense, he will invite another barefoot masseur-guru in a turban on a blue plane and will find peace and nirvana while the “two-legged insects” carry deposits to Sber-Guru Bank, suffering in the wheel of Samsara
    2. ANB
      0
      April 21 2024 00:22
      Quote:
      For example, so that system administrators cannot directly view and copy records in the database.

      System administrators do not have access to the database anyway. How can you hide these ideas from dba?
      1. 0
        April 22 2024 00:15
        System level encryption. Signing each data record with a complex key. The decryption key is not with the dba, but with the cybersecurity officer
        1. ANB
          0
          April 22 2024 01:33
          Quote:
          System level encryption. Signing each data record with a complex key. The decryption key is not with the dba, but with the cybersecurity officer

          Have you worked with the databases yourself?
          There is currently no DBMS with encryption.
          The signature only protects the data from changes.
          If you encrypt at the application level (and only put encrypted data into the database), then how can you then use the database without a key (if only the security guard has the key)?
          Who will protect the data from the security guy himself?
          How can I then write queries to such a database?
          Well, for dessert - if a person uploads everything to himself on a social network, then what is the point in protecting his data?
          1. +1
            April 22 2024 09:15
            You are asking the right questions. The security policy needs to be thought through. The developers can write this entire SQL on a test database, with artificially generated data, but they do not have access to the combat system. And why do they need access to the combat system if they only deploy updates and don’t bother with it? For dba, we prohibit manual adjustments and viewing of field values in tables (I know, I know, I myself ruled it, once I saved the system in this way, another time, on the contrary, I killed it))). DBMS with internal encryption... may appear, but this can be done using triggers (however, access to the db still remains). The security key is only for direct access; of course, the key is hardwired into the system engine, possibly into some kind of conditional kernel. I agree, there is a vulnerability here that the data is processed in already decrypted form. Here it is solved by maximum processing on the backend, differentiation of access rights, etc. Perhaps even the SQL extracts the encrypted data and decrypts it using a secure procedure.
            But I completely agree with you that no technical system can save you from human sloppiness (or cunningly malicious intent; people bypass any protection, you just need to make the possibility of data theft as difficult as possible). The only thing here is to educate people as much as possible...
            1. ANB
              0
              April 22 2024 09:21
              We agreed.
              So far only organizationally.
              In fact, I have not seen a single dba or experienced developer leaking data. The amount for the drain is insignificant compared to their salary. Nobody wants to take risks. This is also a ruined career. Then they won’t hire you anywhere.
              According to statistics, mostly small managers are caught.
              By the way, they often screenshotted the data available to them.
              1. 0
                April 22 2024 09:30
                Yes, that’s why you need to protect yourself, first of all, from small freeloaders. Under no circumstances should they have a sheet with the data of a bunch of people on it! And even more so, they should not be able to look at someone’s personal data. I once worked at a well-known bank, where call center workers openly discussed funny customer names on an internal forum. People were freely climbing around the base out of boredom.
                There will still be isolated leaks - the passport of the arriving person can be scanned.
          2. 0
            April 22 2024 09:18
            In a good way, the system should keep a log of who climbed where and what they did, and the security officer should have a gadget-monitor that raises the alarm if anyone with access is excessively active
  9. +1
    April 19 2024 10:51
    The authors raised an important topic, but outlined only the tip of the iceberg. A lot of data leaks to scammers through less pretentious channels - employees of social security services, employees of cellular operators. The same "Mail" is a potentially vulnerable place at the grassroots level.
    And regarding fines - the investigation at what stage the information was leaked to a specific person and where this is another problem. Databases can be formed from various sources - including data that is traded by grassroots workers. It’s hard to find any endings in such cases.
  10. +4
    April 19 2024 11:00
    We need to change the title a little. Not "Data leakage can be put on rails", but "Data leakage was put on track long ago". This way it will be more accurate.
    1. +1
      April 19 2024 14:57
      You definitely said that((( Multi-track tracks have already been laid and marshalling stations have been built. While someone is writing and screaming something, the digital mafia has long become international
  11. 0
    April 19 2024 13:42
    You just need to deny access from any foreign IP addresses
    For example, prohibit the use of Mikrotik routers made in Latvia in Russia, which want to fight with us. Many system administrators have not yet been forbidden to do so and will use equipment that can be hacked and use vpn from it
    Well, for example, Mikrotik devices can be hacked, configured for yourself, and then carry out the attack wherever you want
    All state-owned enterprises must have double and triple entry security.
    1. 0
      April 19 2024 13:48
      During sanctions and war, it is necessary to completely prohibit any access from abroad to our sites.
      Anyone who works with the websites of organizations important for Russia is prohibited from leaving the country for at least 10 years.
      They worked here, they were recruited there, they were given money, they leaked their passwords.
      Either allow special agencies access, everything will be ok
    2. 0
      April 19 2024 14:59
      AlexWar
      Yeah, ban foreign IPs, all your digital services will stop. Including the site where you wrote your “brilliant” idea
  12. +1
    April 19 2024 14:09
    Strange surprise.
    Whoever has the data is the owner.
    Now there is a sharp increase in rules in the creep of the owners of everything - electricity, gas, water, etc.
    They wanted it and raised the prices. Services were imposed. The electricity was turned off. AND?
    Nothing. Pay for services and for connecting back electricity, water, gas, etc..
    And you will also have to pay for the data later. They will simply present a fact and a little blah blah that, at the request of the population...
  13. +2
    April 19 2024 16:23
    Unfortunately, data is collected for or without reason. For example, you buy a washing machine and in order to issue a guarantee you need almost all the passport data, although I don’t think that this is such a necessity. When you make a deposit, it’s the same story. You draw up another contract for a service, the work is the same again. You live like this and are afraid that someone will issue a loan for you or some kind of illegal writ of execution will come for collection.
    1. ANB
      +1
      April 21 2024 00:30
      Quote:
      that someone will issue a loan for you or some kind of illegal writ of execution will come for collection.

      This is where there is room to work. Protecting personal data is a difficult task. But just for loans, pass a law that if the bank cannot prove that you personally took out the loan, then this means that this is the bank’s problem. And if the bank managed to file a lawsuit and withdraw the money, then it will impose compensation in double the amount of the withheld amount. We also need to restore order in the courts. They stamp orders based on statements from the bank, without even calling the defendant.
      1. +1
        April 22 2024 09:37
        I think we should simply prohibit the issuance of loans without the personal presence of the client, or his authorized representative, and the appropriate identification procedure. And if someone needs a “line of credit for the future” - again, let him personally go to the bank and apply for a credit card, or the right to lending.
        But even in this way we will not protect ourselves from telephone scammers. Again, here some procedures for verifying online transactions with large sums for physicists are tedious. But protecting a person, in fact, from himself is the most difficult thing
        1. ANB
          0
          April 22 2024 14:03
          Quote:
          you just need to prohibit the issuance of loans without the personal presence of the client

          This is a trend among banks, with remote processing of loans. First they did it, and then they thought about safety.
    2. 0
      April 22 2024 09:25
      All these postmen, traders and other oppressors really don’t need our data. A certain digital ID of a person can be created, linked to his data, to which only the person himself has access, and employees of some very “competent authorities”. For all kinds of purchases and other transactions, a person provides his ID. Another question is that another problem arises:
      1. "Grandmothers" will not use ID
      2. People will lose access to ID
      3. The same “telephone” scammers will try to gain access to the ID using these same methods
      4. ID will be stolen and leaked by those same “very competent employees”
      1. 0
        April 22 2024 13:08
        In fact, the army and intelligence services have different levels of access to secrets. Something similar needs to be established by law for access to passport data. I.e., trade and various household services only allow access to full name and residence address and nothing more, and when issuing loans, depending on the size, banks also receive a copy of your passport, and possibly other data. Depending on the cost and importance of the operations, there should be at least 3 such levels.
  14. 0
    April 19 2024 23:12
    It’s more difficult to say who is not currently trading data from those who have it! Everyone is interested in data as a way to get closer to the cash cow!
  15. 0
    April 19 2024 23:17
    Quote: nikolaevskiy78
    You don’t have to live with this, it’s just that the whole country, as best it can, should demand that paper documents be issued in the old fashioned way and nothing should ever be processed without them. Otherwise, everyone will end up with leaked digital signatures and loss of property rights. Our management Martians will not do this; they will say that they have not fit into the market and the population simply has poor digital literacy, and the population itself is dark and dense.

    I strongly support it. I always do this. And I teach young people. Otherwise they don’t want to keep the labor report on paper...
  16. 0
    April 20 2024 19:09
    I guess more than 90% of the data has been leaked for a long time, simply based on how many years the data has been collected. And the data is not only in Russia, but Americans also have extensive information about Russians. At the legislative level, I would prohibit the issuance of loans without physical presence, and oblige all organizations to indicate, instead of a number, an identification number with information about who is calling.
  17. 0
    April 21 2024 16:22
    This is all beautiful, of course. BUT! Where does the money come from? It's so funny
  18. 0
    April 22 2024 11:43
    In this situation, everything is in the hands of a person.. If you don’t want “leaks”, stop communicating on networks, on company websites, leaving “traces” in any electronics, including your phone... And you will have quiet happiness.. Although the likelihood of such “happiness” strive for "0" in modern life...
    1. 0
      April 29 2024 22:40
      leave "traces" in any electronics, including the phone...
      You still have to make an effort yourself so that any electronics (including your phone) keep your passport data, full name, and Taxpayer Identification Number (TIN) in “traces”. Usually all this beauty is poured out in thousands, sometimes millions, from bank or operator databases. In addition to your full name and passport data, there is a lot of other interesting stuff there. Have you ever wondered how scammers know so well that they are calling pensioners who have savings in an electronic bank account? After all, many pensioners have nothing else besides savings accounts since Soviet times.
  19. 0
    April 29 2024 22:34
    Let's be honest, for large companies, fines of even 1 million rubles a day (one could argue that every day someone cheats someone) won't make any sense. The opsos will raise their tariffs to take into account the wind and won’t even notice, just like the banks. As always, clients will be responsible for everything. As always, we rub.
    If we assume that leaked personal data such as passport series and number, TIN can be considered compromised, then according to the laws of cryptography they must be urgently updated. And the injured party was paid compensation. Then the fine plus compensation for the loss of data and the hassle of updating documents may at least somehow force you to start worrying and take care of sensitive data. No one still cares, even despite high-profile cases of leaks.