Less Than 10% of Trade Secret Theft Cases in Russia Result in Prison Sentences

Experts from InfoWatch have analyzed official statistics on criminal cases involving the illegal acquisition and disclosure of information constituting commercial, tax, or banking secrets (Article 183 of the Russian Criminal Code). According to their findings, from 2019 to 2021, courts of first instance reviewed 188 such cases, resulting in 117 convictions. The study was based on data from the Russian State Automated Justice System.

More than 63% of these cases were prosecuted under Part 3 of Article 183, which covers the illegal collection, disclosure, or use of confidential information by conspiracy, as part of an organized group, or with aggravating circumstances, carrying penalties of up to five years in prison.

In over 46% of cases, the defendant’s actions were also qualified under additional articles—most commonly Article 272 (unauthorized access to computer information) and Article 138 (violation of the secrecy of correspondence, telephone conversations, postal, telegraph, or other communications).

The majority of defendants (70%) were ordinary employees of organizations, 18% were external offenders, and more than 10% were managers at various levels.

Guilty verdicts were issued in over 44% of criminal cases. However, less than 10% of those convicted were actually sent to prison; in most cases, judges imposed fines, suspended sentences, or corrective labor instead.

The harshest sentence was given to a Sberbank employee—two years in prison, apparently in connection with last year’s case in Kursk involving the theft of 2.4 million rubles from a trusting client who revealed a one-time code. The largest fine, 1 million rubles, was imposed in 2020 on an entrepreneur from Tatarstan in a trade secret theft case heard by a court in the Vladimir region.

Researchers also noted that in 80% of cases, the protected information was stolen from financial institutions and telecom operators. Offenders mainly used messengers and the internet to commit these crimes. For example, in early 2019 in Novosibirsk, former MTS employees received (albeit suspended) prison sentences for stealing data on more than 500,000 subscribers for personal gain.

To prevent crimes under Article 183, companies are advised to use not only organizational but also technical measures, including DLP (Data Loss Prevention) and SIEM (Security Information and Event Management) systems. In fact, the presence of a DLP system helped “AKADO-Yekaterinburg” in 2017 to prosecute two fraudsters who hacked the internet provider’s database and stole personal data of some clients.