Lead engineer of CorpSoft24 Mikhail Sergeev noted

tanjimajuha20 · Post by **tanjimajuha20** » Mon Jan 20, 2025 9:20 am

counteraction system of the Russian Union of Auto Insurers (RSA). Part of the data (stored procedures) of this database contain references to the developer company crosys.ru, among whose customers is the RSA, and one of the tables contains a list of users of the CROSYS domain.

Deputy General Director for turkey whatsapp resource Product Development at Atom Safety (part of SKB Kontur Group) Daniil Borislavsky did not rule out the possibility that the leak could be caused by a group that includes an insider - a company employee who had access to the data, as well as a group that acts on orders and causes image damage. "The likelihood that the leak occurred due to the fault of a contractor depends on the specific company. In large and well-protected companies, links in the supply chain may have weak protection or a low level of human factor, which increases the risk of a leak. Statistically, leaks from contractors are more likely," added Daniil Borislavsky.

that the system operator will still be responsible for the database leak, since he is tasked with ensuring the security of the database: "You can't just give the passwords for the database to a third party and expect that no leaks or data loss will occur due to his fault."

"90% of companies in the Russian Federation can be hacked within 24 hours, the rest - within a week or a month. The larger the company, the more difficult it is to control the infrastructure. Contractors involved can be negligent about security, leading to risks of leakage of clients' information," Ivan Lindberg, CEO of Datananny, told RIA Novosti. As a result, according to his estimates, new leaks occur daily, and in total, data from 7.5 thousand Russian companies is in shadow circulation, and this number is constantly growing.

Read also
Most Russian companies can be hacked in 24 hours, expert says
The information security of most companies in Russia can be hacked in a day, and for the remaining 10% of organizations it will take from a week to a month, NTI SafeNet expert Ivan Lindberg told RIA Novosti.

The main data set is an unloading of insurance cases (RTA) involving vehicles owned by individuals and legal entities. It includes full name, date of birth, date of the accident, type of incident, insurance policy number, name of the insurance company, as well as the brand, year of manufacture, state registration number and identification number (VIN) of the vehicle.

DLBI employees who were involved in accidents found information about themselves and their vehicles in the "leaked" database. All the data matched.

Mikhail Sergeev noted that the coincidence of data is not a guarantee that their source is the leaked database: "To confirm the fact of the database leak, it is n