Russian insurance giant Rosgosstrakh hacked, data of Russian military intelligence agents stolen

Rosgosstrakh, Russia’s second-largest insurance company, has been hacked, and the hackers are selling 400GB of data online for $50,000 in Bitcoin (BTC) or Monero (XMR) cryptocurrency.

The data breach was first reported on November 4, 2023. The hackers claim to have stolen a vast amount of data, including personal and insurance-related information belonging to three GRU agents, Russia’s military intelligence agency.

The compromised data also includes full access to the investment and life insurance department records dating back to 2010 and data on 730,000 individuals, including approximately 80,000 individuals’ Russian Social Security Numbers (SNILS) and 45,000 individuals’ complete bank routing information.

The hackers also claim access to all life insurance policies, contracts, and associated attachments, such as passports and scanned documents of public officials or their immediate relatives.

In a blog post, Swiss security researcher and hacker Maia Arson Crimew revealed that they had acquired an extensive 22GB of JSON data in plain-text format from the hackers. Crimew’s dataset analysis uncovered information attributed to three GRU agents, including their full names, dates of birth, phone numbers, email addresses, passport numbers, and specifics related to insurance coverage, particularly life insurance information.

The data breach at Rosgosstrakh is a serious incident that could affect the company and the Russian government. The fact that the data includes information on Russian military intelligence agents could be used by foreign governments to gain an advantage over Russia, especially since the Russian government is a prime target for foreign and domestic hackers. Additionally, the breach could damage Russia’s reputation and make it more difficult for Russian companies to do business internationally.