Data leakage from the OFD Dimkas server
Among the data that got into the Network were the full details of fiscal checks.
Last week, SecurityLab reported a vulnerability in the server of the fiscal data operator (OFD) “Dreamkas”, due to which the network got 14 million records of legal entities and individuals, including data on customers and taxes paid. Now it became known that the problem was much larger than previously thought. According to experts from the information security company DeviceLock, another 76 million records with various information were publicly available, but Dreamkas refused to confirm the fact of this leak.
For seven days, the OFD server was in the public domain, revealing 76 million records, including full details of fiscal receipts indicating the serial number, date and time, name of the seller, quantity of goods, its name and price. The data that was made available to the public from the server was transferred as part of the DreamCas Cabinet commercial service, which is not subject to regulation and protection under the legislation on cash registers.
Representatives of Dreamkas did not comment on the reasons for the leak, but clarified that the confidentiality of fiscal data on the OFD server was not violated and personal information was not disclosed.
The Federal Tax Service is conducting an audit of Dreamkas. For the leakage of personal data to the Network, an administrative fine of up to 75 thousand rubles is provided, and the maximum criminal liability is up to five years in prison.
