The logistics company CDEK has debugged its operation after a global failure in early June, but customer information has still leaked onto the Internet. Vulnerabilities in the operator's data storage system may lead to future cybercriminal attacks.
Information about the operator's clients was found in the "Google Sheets" service. The data included descriptions of parcels, reasons for delays, waybill numbers, company divisions and senders. This may contribute to a repeat attack.
Data from open sources can be used, among other things, to construct complex attacks on the company's infrastructure.
However, CDEK assured that there was no data leak. Roskomnadzor also confirmed that the operator did not notify the agency about this.
It is worth noting that last year a bill was introduced to the State Duma, tightening the punishment for data leakage. The amount of the fine will depend on the amount of information disclosed. For companies, the amount of penalties reaches up to 15 million rubles.
Recall that the technical failure happened on CDEK servers on May 26, the operator's operation was stopped. All week the service eliminated the consequences of a hacker attack on databases. It was possible to return to normal operation on June 2.
Earlier www1.ru reported that Russian Post is delaying the delivery of parcels from abroad.
Read materials on the topic:
Russian Post will hire "white hackers" to check IT infrastructure