Russia investigates claims of biometric data leak
The Russian Ministry of Digital Transformation and the Federal Security Service of the Russian Federation (FSB) are investigating claims of a leak on Monday affecting biometric data from passports issued by the Federal State Autonomous Institution (FGAU) Voskhod Research.
According to Russian media company RBC, the Ministry has found no evidence of the leaked data yet, which was first reported by the publication and a Telegram channel called “Before everyone else. Well, almost.”
The information from RBC hints at a threat actor infiltrating the PVDN database, which Voskhod Research uses for processing personal data and biometrics and issuing electronic passports. The media firm adds that the hacker may have accessed “tens of percent of the passport database, which has been maintained since 2006.”
The allegedly stolen information pertains not only to Russian passports but also to some from citizens of Kazakhstan and Belarus.
Initial findings from the joint Ministry of Digital Transformation and the FSB claim that while they found no evidence of a leak, they did spot unauthorized access to the Voskhod Research internal network.
Further, the authorities state that even if threat actors had obtained access to the biometric data, the data was encrypted. Decryption keys are stored at a separate location from where the data was taken, in a facility owned by Goznak, a separate joint-stock company responsible for R&D and manufacturing security products.
Talking to RBC, Vladimir Arlazarov, CEO of Smart Engines, the company behind the development of Russia’s (and other countries’) passport technology, says there is a slight chance the alleged attacker could manage to decrypt the data.
This, the executive adds, could enable the creation of forged identities. Because of this, Arlazarov suggests potentially affected passport holders cancel their documents and apply for new ones.
The alleged leak and connected investigation come weeks after Russian authorities unveiled plans to award an 830 million-ruble (US$10.9 million) contract to create facial recognition stations on the country’s border.