Moscow IT Department Responds to Alleged Data Leak: Compilation of Previously Leaked Information

By Riley ThompsonTechnology News

Moscow IT Department Comments on Alleged Data Leak

Specialists from Data Leakage & Breach Intelligence (DLBI) have reported that a text file titled “Department of Information Technologies of Moscow_2023.csv” has been published online. According to experts, this file contains 13,462,446 rows, including:

  • Full names
  • Phone numbers (7.2 million unique numbers)
  • Email addresses (4.8 million unique addresses, with over 16,000 in the @mos.ru domain)
  • Registration and actual residential addresses
  • Dates of birth
  • Passport or birth certificate series and numbers
  • Place of birth information

DLBI noted that, according to their information, this data dump has been available for sale and in closed exchanges for some time, albeit in a slightly different format. A more complete version of the dump reportedly also includes health insurance policy numbers and Moscow social card numbers. The data is dated September 2023.

Background and Official Response

In April 2024, the hacker group DumpForums claimed responsibility for hacking the server of the Moscow Department of Information Technologies (mos[.]ru/dit/). The attackers stated they had stolen about 40 TB of data. On their Telegram channel, the group claimed the breach actually occurred a year earlier and that they had maintained access to the IT Department’s network despite all attempts to block them.

The press service of the Moscow IT Department told Kommersant that the file circulating online is a compilation of data obtained from breaches of other systems, as well as information from open sources. “Specialists from the Department of Information Technologies, together with vendors and regulators, are studying the information published online. There have been no recorded system failures or breaches of integrity, availability, or confidentiality of information,” the department stated.

DLBI founder Ashot Oganesyan told journalists that the dump is very likely part of a major leak that occurred in the summer or fall of last year. According to him, hackers claimed in April 2024 to have breached several city resources (EMIAS, IS UDRVS, the Moscow mayor’s portal, SUDIR, and others).

As previously mentioned, DLBI reports that a more complete version of the dump has been circulating in closed sales since late 2023. However, the gradual decrease in the price of this database “indicates that fraudsters have become disappointed in their ability to sell it and in the usefulness of the data it contains.”

Leave a Reply