The World Court of the Simonovsky District of Moscow found the Federal State Unitary Enterprise “Main Radio Frequency Center” (GRFC) guilty of part 2 of article 13.11 Administrative Code (violation of legislation in the field of personal data) and appointed a fine of 30 thousand rubles.

The judge considered that the Federal State Unitary Enterprise did not ensure the confidentiality of personal data of employees and did not exclude illegal access of third parties to the database containing personal data of employees of the organization

In November last year, the Belarusian hacktivists “Cyberpartisans” declared that hacked the systems of the Main Radio Frequency Center of Roskomnadzor, incl. the internal network of the GRFC, uploaded documents, as well as internal correspondence of employees larger than 2 TB. Also, as the hackers claimed, they encrypted the FSUE workstations and gained access to the domain controller.

Then the GRCHTs reported that “the criminals did not get access to either classified information or critical infrastructure.”

As a result of the incident, fragments of employees’ communication in their internal messenger, screenshots from the mailbox of the head of one of the internal groups of the GRFC, as well as images of the console of the internal DLP systems, appeared on the network.

According to one of the versions, the hack could have occurred due to the compromise of the domain administrator account.