The lawyer spoke about the first steps in case of a biometric data leak

In case of a possible leak of biometric data, a citizen should block transactions as soon as possible and report the risks to law enforcement agencies. On December 1, Sofya Lukinova, head of the legal department of VMT Consult, told Izvestia.

"First of all, you should contact a bank or other organization that used biometrics and request the blocking of all transactions related to face or voice identification. At the same time, it is important to file a police report indicating the circumstances of a possible leak and attaching materials confirming suspicions. The sooner the appeal is recorded, the sooner the misuse of data can be prevented," the expert explained.

According to her, recording the request at an early stage makes it possible to prevent the misuse of data faster. A citizen should also change passwords, check the security settings in applications and disable the binding of biometrics, as well as examine requests in the Unified Biometric System on the Gosuslugi portal.

Take as much as you want: how fraudsters remove self-locks on loans from Russians

The attackers eliminate the restrictions and issue loans to their victims.

Lukinova explained that the regulation of biometrics in Russia is based on general and special rules of law. She stressed that the law on personal data defines biometrics as a special category of information requiring separate consent, and the law on the unified biometric system establishes requirements for the protection and transfer of such data. In some cases, consumer protection regulations and provisions on the security of critical information infrastructure are applied.

"The responsibility of companies for improper protection of biometrics can be both administrative and civil. The organization is subject to fines for violating the procedure for processing personal data and non-compliance with information protection requirements. If a leak has caused damage to a particular citizen, he has the right to demand compensation for damage and losses. In some cases, Roskomnadzor's activities may include restricting data processing or blocking services if the operator systematically violates the rules for handling biometrics," the lawyer added.

She concluded that an increased standard of protection has been set for companies, since the consequences of a biometric data leak can be irreversible.

On the same day, the Russian Interior Ministry warned that fraudsters could steal biometrics in various ways. Attackers often make video calls and record conversations, use mass mailings with links to phishing resources, and may ask to turn on the camera to "verify identity" under the guise of paying for a service. In addition, scammers collect photos and videos from social networks.

Prior to that, on October 16, the Roskachestvo Digital Expertise Center reported that any user can independently improve the security of their banking application. To protect against cyber attacks, the key step is to enable two-factor authentication (2FA). This method requires two types of login information: a password and a one-time code that comes via SMS or push notification. This significantly reduces the risks, as even if an attacker obtains your password, they will not be able to access your account without physical access to the device.

All important news is on the Izvestia channel in the MAX messenger.