- Статьи
- Society
- Personal data: 600 crimes involving the trafficking of personal information have been identified in six months
Personal data: 600 crimes involving the trafficking of personal information have been identified in six months
More than 600 crimes were detected and more than 300 criminal cases were opened in the first half of 2025 under a new article of the Criminal Code on the illegal processing of personal data, Izvestia found out. Experts call this number significant. In addition, Roskomnadzor blocked more than 1,700 resources on which it was possible to find personal data of Russians, for example, the chatbot "Eye of God". Fraudsters actively use illegal access to personal information, and the active application of the new version of the Criminal Code should be an obstacle for them, experts say. About who uses chatbot data and for what purposes, see the Izvestia article.
Who is leaking the data of Russians
In the first six months of 2025, 601 cases of illegal processing of personal data were identified, and criminal cases were initiated in 313 of them, Izvestia found out. This is the first statistics on the application of the new article of the Criminal Code, which became effective in December 2024. The data was provided by the Ministry of Internal Affairs at the request of the first deputy chairman of the Federation Council Committee on state Construction Artem Sheikin. The department's response is available to the publication.
"These figures clearly demonstrate the scale and effectiveness of the work of law enforcement agencies in this area,— the senator told Izvestia. — The purpose of these events is to protect the rights and legitimate interests of citizens in the digital environment and prevent cases of illegal information trafficking.
At the same time, 290 criminal cases were opened in April 2025 alone. The police solved 87 previously committed crimes, and also found and detained 18 wanted persons.
During this year, law enforcement agencies have been carrying out comprehensive work to block access to illegal resources and to identify and bring to justice those involved in their creation and operation, explained Artem Sheikin.
"Such a systematic activity allows not only to prevent violations of the law, but also to create conditions for the formation of a secure digital space," he said.
In addition, according to Roskomnadzor, since the beginning of 2025, access to 1,766 Internet resources has been restricted, which were used to unlawfully collect, store and distribute personal data.
The new article of the Criminal Code covers almost the entire range of actions with other people's data without a person's consent, Ekaterina Kosareva, managing partner of the VMT Consult analytical agency, recalled. These actions include buying, selling, storing, organizing, uploading to bots, integrating with artificial intelligence algorithms, and mass distribution of information to third parties.
"Even if it's not a direct sale, but the provision of a "search service" in a messenger, this already qualifies as illegal processing," she explained.
What schemes are used?
One of the last such cases under Article 272.1 of the Criminal Code was the detention of a police officer in the Levokumsky district of the Stavropol Territory. This was reported on August 22 in the press service of the regional department of the Investigative Committee.
"In the period from February to July of this year, a police officer, using her official position and access to special software, illegally collected and transferred personal data about residents of the Levokumsky district. At the same time, the defendant understood that this information was confidential and should not be distributed to third parties," the Investigative Committee said.
A criminal case was opened under the article on the illegal collection and transfer of computer information containing personal data. In Moscow, at the end of August 2025, a similar criminal case was sent to court, the press service of the capital's GSU told the Interior Ministry.
"It was established that a native of the Moscow region, using a mobile phone, entered search queries in the messenger, after which he received automatic responses containing personal data. He did not have consent to receive such information from the subjects of personal data. Having seized the personal information of citizens, he sent them promotional messages with a proposal to organize private flights in the field of business aviation," the department noted.
According to experts, most of the crimes identified by the Ministry of Internal Affairs are related to the spread of "penetration" bots, which have been actively appearing online recently. So, in June 2025, Artyom Sheikin sent a letter to the Prosecutor General's Office demanding to check the legality of one of the bots in Telegram, as well as related resources.
After the closure of large services like "Eyes of God", the market did not disappear, it began to split up and quickly reproduce in the form of dozens of free "bots for penetration" in Telegram, said Artem Izbayenkov, director of the Solar Space cloud cyber defense platform, Solar Group. Such tools are used by professional hackers and scammers.
"Such bots can contain a huge amount of information, from basic data (full name, date of birth, phone number, operator, region) to email addresses, passport information, INN, correspondence, and even phone books with contacts of loved ones," he said. — Today, the main danger is that these bases have begun to merge. From the scattered leaks, a holistic portrait of a person is formed: for example, the actual place of residence is calculated at the pizza delivery address, and his travel routes and relatives in other cities are calculated by air tickets.
The amount of information in such resources is enormous, Ekaterina Kosareva confirmed. The black market sells complete "digital dossiers" — dozens and hundreds of fields of information.
The risks of using bots to "break through"
This amount of information allows you not only to find out someone else's life, but also to build full-fledged fraud schemes, added Anna Minenkova, head of the criminal law practice at Sokolov, Trusov and Partners Law Office in Moscow.
— From the classic "call from the bank" to applying for a loan or a SIM card in someone else's name. That is why the use of such bots is not a "convenient tool", but a big problem for society," the expert emphasized.
The use of such bots is fraught not only with fraud, but also with more serious scenarios — from blackmail and surveillance to corporate espionage and interference in private life, added Konstantin Gromov, senior system administrator at PPL MEDIA.
"Usually, the information collected is enough to gain access to your accounts or take out a loan in your name," he said.
With the development of artificial intelligence, these data arrays are becoming even more dangerous: algorithms can automatically collect disparate leaks into a single profile, predict behavior and select personalized attacks, Ekaterina Kosareva said.
So, the presence of a combination of "phone + full name + social networks + address" allows you to build extremely convincing scenarios of deception, added Artem Izbayenkov. The use of services to track down victims is also becoming more widespread.
"If the victim is an employee of a particular company, attackers can use such data to access its infrastructure," the expert said. — In fact, today's "penetration bot" is a tool for total surveillance that collects a digital profile of a person from dozens of leaks. That is why the Ministry of Internal Affairs records hundreds of criminal cases: such services threaten both individuals and entire organizations.
At the same time, experts say, responsibility for the illegal collection and trafficking of data is borne not only by the administrators of such bots, but also by ordinary users.
"If a person buys or uses the service to obtain other people's personal data without the consent of their owner, this may be interpreted as complicity in illegal processing," Ekaterina Kosareva said. — Formally, even a one-time "punching" of the phone through a bot is already an illegal action.
Depending on the role and scale, different consequences are possible: administrative liability for illegal access or storage of data, or criminal liability if it is proven that the user knowingly acquired and used such information, especially if this led to damage to the victim.
Переведено сервисом «Яндекс Переводчик»
