Cyber Incident Victim: Russian National Visa Bureau
Date: Dec 2016
Location: Netherlands
Summary
The Russian National Visa Bureau's website was compromised via a blind SQL injection attack, exposing personal data from approximately 13,000 accounts, including names, phone numbers, email addresses, and login credentials with a hashed password. The attacker identified the same vulnerability in a related consular department website hosted on the same server but refrained from publishing the sensitive information. Administrators were notified and acknowledged the breach; they planned remediation and kept both sites operational until implementing fixes that caused intermittent downtime.
Description
On December 15, 2016, security researcher Kapustkiy breached the official website of the Russian National Visa Bureau (RNVB) in the Netherlands, exposing personal data of thousands of users. The compromised information included names, phone numbers, and email addresses, with at least one account revealing login credentials containing a hashed password. Kapustkiy employed a blind injection attack to access the databases but refrained from publicly disclosing the data due to its sensitive nature, estimating approximately 13,000 accounts were affected. The RNVB website, operational since 2003 as a subsidiary of the PDC Foundation, provided visa services for Dutch businesses and private clients, handling information typically associated with visa applications. Kapustkiy notified website administrators of the breach immediately after discovery to facilitate remediation. During his investigation, he identified that the RNVB shared hosting infrastructure with the Consular Department of the Embassy of the Russian Federation in the Netherlands, which he had previously compromised using the same vulnerability.

Both the RNVB and Embassy Consular Department websites remained online despite Kapustkiy’s notifications, continuing to operate with unpatched security flaws. Administrators from ambru.nl acknowledged Kapustkiy’s report and indicated plans to deploy fixes within days, though no immediate downtime occurred. The Russian National Visa Bureau administrators subsequently confirmed they were investigating the breach and preparing vulnerability patches, anticipating temporary service interruptions during remediation. No evidence suggested unauthorized data misuse occurred between the breach discovery and administrator notifications. The incident highlighted risks associated with shared hosting environments and persistent vulnerabilities affecting government-affiliated visa processing platforms.
