The personal data of around 90% of Russia’s adult population is now publicly accessible due to data leaks, according to Stanislav Kuznetsov, Deputy Chairman of Sberbank’s Management Board, RBC reported on November 6.

“The situation has become grim.  Our data indicates that about 3.5 billion records are publicly accessible, with approximately 90% of the adult population having some personal data leaked,” Kuznetsov was cited as saying.

Analysis conducted by Sberbank (a Russian majority state-owned banking and financial services company) at the end of 2023 and the beginning of 2024 revealed that online retailers and healthcare institutions were the primary sources of leaks, Kuznetsov added.  Contrary to popular belief, only about 2% of data leaks originated from credit institutions.

While 2023 marked the peak of data leaks, the situation began to stabilize slightly in 2024, though leaks persist. Sberbank recorded a record number of fraudulent calls targeting Russian citizens in 2024.

In 2023, Russian financial institutions experienced 170.3 million data record leaks, with banks reporting 64 cases of client data loss, according to InfoWatch. This was 3.2 times higher than in 2022, with banks accounting for nearly half of the leaks (46.9%).

According to the Bank of Russia’s latest data, in the second quarter of 2024, fraudsters stole 4.7 billion rubles from bank clients, conducting 257,000 unauthorized transfers. Banks managed to prevent the theft of almost 2.3 trillion rubles but returned only 6.1% of stolen funds to clients. During the same period, the Central Bank identified over 53,500 phone numbers used by fraudsters.