Edition SecurityLab with reference to sources claimsthat the database “appeared in closed access to a very limited number of people in early spring”, and the data itself was allegedly stolen due to the presence of “a vulnerability in the laboratory’s IT system”
For a conditionally open sale, the data was uploaded no later than April 22, 2022, and first, information about Gemotest clients appeared on the shadow forum, and then about the results of the analysis. The message also states that in fact, there are fewer positions in the database being sold than stated by the seller – not 31 million, but approximately 30.5 million lines.
The head of information security of “Gemotest” Ivan Osipov reported RBCthat after the publication of the news about the data leak, an internal internal investigation was launched. If the results confirm the suspicion that there has been illegal access to information about customers and its distribution, the company’s management will decide to file a complaint with law enforcement agencies.
In parallel with the course of the internal internal investigation, a decision was made to additionally tighten technical measures aimed at ensuring an appropriate level of protection of confidential information and data security,” Osipov added, emphasizing that the information that got into the darknet constitutes a commercial secret of Gemotest.
At the Gemotest call center in Novosibirsk declared local publication NGS24 that at the moment they do not have any information about what happened and about the timing of the inspection.
We take all measures to ensure the security of personal data. While the check is being carried out, there is not even exact information whether this is true or not, the Hemotest explained.
Journalist Ksenia Sobchak, in her Telegram channel Bloody Lady, rated the data leak from Gemotest as “powerful” and incomparable in scale with all previous ones, since, judging by reports, information about the DNA of laboratory clients could have been stolen.
For you to understand, we are talking about 30 million customers and 554 million of their tests. There are two bases, both put up for sale on the darknet. <...> Customer test results since 2012. These are ALL types of analyzes and diseases. And one of the most popular analyzes is genetic. You donate saliva, and after a couple of months they tell you who you are, where you are from, where your relatives are, and so on, – writes Sobchak.
The previous large-scale data leak occurred at the Yandex.Food service, which became known on March 1, and this service itself reported it. Information about food orders, including usernames, addresses, phone numbers, got into the public domain. As the reason for the incident, “unfair actions of one of the employees” were named.
On March 22, a website appeared on the web with an interactive map based on the data of Yandex.Food users. Portal visitors could find out information about service users by their addresses. Yandex managed to block this site. On March 23, Roskomnadzor drew up an administrative protocol against Yandex.Food for violating Part 1 of Article 13.11 of the Code of Administrative Offenses of the Russian Federation, a fine for which reaches 100,000 rubles. Customers of the service who found their data in the “merged” database, filed a class action lawsuit against the company, demanding 100 thousand rubles per person.
Subscribe to RTVI telegram channel
On this topic: