On March 23, the Network Freedoms project announced the start of organizing legal assistance for affected users and organizing a class action lawsuit against Yandex.Food after a massive leak of customer data.
The data of Yandex.Food users was leaked to the Network. If yourself in the database, please contact our hotline.
Yesterday it became known that a database of Yandex users was published on the Internet, including addresses, names and some information about orders. This is not the first time this has happened. We believe that such an approach to the storage of personal data of one of the largest IT companies in Russia is unacceptable.
The Network Freedoms project is ready to assist in bringing the service to responsibility for not providing reliable storage of an array of sensitive information.
If your data is in the database and you are ready to be a plaintiff, write to us.
You will need a power of attorney so that the lawyer can act on your behalf. We do not collect personal information, so you will only disclose your passport data to a lawyer who will work on the case. On March 1, the information security service of Yandex.Food spoke about the discovery of a data leak. A press release from the company says that it occurred due to the unfair actions of one of the employees. The company also applied to law enforcement agencies with a statement about unauthorized access to customer data and is doing everything to prevent the dissemination of published information.
According to data on this leak from the DLBI leak search and monitoring service for the dark web, Yandex.Food information appeared in the public domain on February 27. There was an archive with three SQL dumps containing a total of 49,441,507 (49.4 million) order rows, including the following columns and data:
names and surnames of customers, as they are recorded in the user profile of the service;
phone numbers - in total there are 6,882,230 unique numbers from the Russian Federation (almost all regions) and Kazakhstan and 206,725 from Belarus;
full delivery address of the client;
comments to the order;
the download contains order dates from 06/19/2021 to 02/04/2022.
On March 22, 2022, a link to a site with an interactive map appeared in the media and various Telegram channels, on which, according to the addresses, customer data from the leak of the Yandex.Food service was plotted. Yandex is aware of this situation. The company clarified that this is not a new leak, but a visualization of data from a leak that occurred at the end of February.
“There have been no new information security incidents since March 1. We are talking about the leak, which Yandex.Food reported on March 1 and then notified all affected users by e-mail, ”the press service of the service said.
On the map, you can find the following customer data: full name, phone number, address up to the apartment, email, total spending in Food for six months.
In February of this year, the Ministry of Digital Development proposed introducing multimillion-dollar turnover fines for personal data operators for leaking personal data (PD) of Russian users. This measure should draw attention to their protection, as well as force PD operators to significantly improve current protection measures to prevent further leaks.
Currently, there are very small fines for the leakage of personal data, in accordance with Article 13.11 of the Code of Administrative Offenses. In fact, PD operators now risk nothing if they lose the databases of thousands of users. A fine of several tens of thousands of rubles will be imposed on them by the court.
In November 2021, a court fined Oriflame 30,000 rubles for leaking the personal data of 1.5 million Russian customers, including scanned copies of their passports. Experts believe that the damage to users from such leaks can be hundreds of millions of rubles - fraudsters can take microloans according to documents from the leak, issue SIM cards or wallets of payment systems, and even try to steal money from bank accounts of affected customers using social engineering.
bbabo.Net