The Network Freedoms project spoke about a large influx of appeals in a class action lawsuit against Yandex.Food after the leak of customer data.
We have received more than 1,600 calls to the hotline, the operators are working tirelessly. We will answer everyone, but it will take time.
Here is what you can do to improve communication:
Fix the fact of disclosure of your data. For example, take a screenshot of the leaked screen so that the date and time are visible.
Take a screenshot of the page in Yandex.Food with account information (left menu personal data) to confirm that you are a user of the service. Food" after a massive leak of customer data.
On March 1, the information security service of Yandex.Food spoke about the discovery of a data leak. A press release from the company says that it occurred due to the unfair actions of one of the employees. The company also applied to law enforcement agencies with a statement about unauthorized access to customer data and is doing everything to prevent the dissemination of published information.
According to data on this leak from the DLBI leak search and monitoring service for the dark web, Yandex.Food information appeared in the public domain on February 27. There was an archive with three SQL dumps containing a total of 49,441,507 (49.4 million) order rows, including the following columns and data:
names and surnames of customers, as they are recorded in the user profile of the service;
phone numbers - in total there are 6,882,230 unique numbers from the Russian Federation (almost all regions) and Kazakhstan and 206,725 from Belarus;
full delivery address of the client;
comments to the order;
the download contains order dates from 06/19/2021 to 02/04/2022.
On March 22, 2022, a link to a site with an interactive map appeared in the media and various Telegram channels, on which, according to the addresses, customer data from the leak of the Yandex.Food service was plotted. Yandex is aware of this situation. The company clarified that this is not a new leak, but a visualization of data from a leak that occurred at the end of February.
“There have been no new information security incidents since March 1. We are talking about the leak, which Yandex.Food reported on March 1 and then notified all affected users by e-mail, ”the press service of the service said.
On the map, you can find the following customer data: full name, phone number, address up to the apartment, email, total spending in Food for six months.
On March 23, Roskomnadzor announced that it had drawn up a protocol against Yandex.Food LLC for violating the law in the field of personal data under Part 1 of Art. 13.11 of the Code of Administrative Offenses of the Russian Federation. According to the protocol, the company faces a fine in the amount of 60 thousand rubles to 100 thousand rubles. The exact amount of the fine will be determined by the court.
In February of this year, the Ministry of Digital Development proposed introducing multimillion-dollar turnover fines for personal data operators for leaking personal data (PD) of Russian users. This measure should draw attention to their protection, as well as force PD operators to significantly improve current protection measures to prevent further leaks.
Currently, there are very small fines for the leakage of personal data, in accordance with Article 13.11 of the Code of Administrative Offenses. In fact, PD operators now risk nothing if they lose the databases of thousands of users. A fine of several tens of thousands of rubles will be imposed on them by the court.
In November 2021, a court fined Oriflame 30,000 rubles for leaking the personal data of 1.5 million Russian customers, including scanned copies of their passports. Experts believe that the damage to users from such leaks can be hundreds of millions of rubles - fraudsters can take microloans according to documents from the leak, issue SIM cards or wallets of payment systems, and even try to steal money from bank accounts of affected customers using social engineering.
bbabo.Net