Cyber Incident Victim: PJSC VimpelCom
Date:
Jan 2017
Location:
Russia
Summary
A Russian telecommunications provider experienced a data breach compromising personal information of approximately 8.7 million customers, primarily former home broadband subscribers in Russia. The exposed data included full names, addresses, and mobile and home phone numbers of individuals who registered services prior to late 2016. The company acknowledged the incident occurred internally years earlier, identifying responsible parties at the time without public disclosure. The compromised records later appeared for sale and distribution through online platforms including Telegram channels. No customers outside Russia were affected by this breach, which exclusively targeted fixed-line internet accounts rather than mobile subscribers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In October 2019, Russian media outlet Kommersant reported that personal data belonging to 8.7 million customers of Beeline, a telecommunications subsidiary of PJSC VimpelCom, was being sold and shared online. The breach involved customer information from Beeline's home broadband service in Russia, specifically subscribers who had registered before November 2016. Exposed data included full names, physical addresses, and mobile and landline phone numbers. Beeline acknowledged the incident originated in 2017 and confirmed they had identified the perpetrators at that time, though they had not publicly disclosed the breach prior to Kommersant's investigation. The company emphasized that the leaked dataset primarily affected former customers, with most impacted individuals no longer active subscribers by 2019. Beeline clarified that only its Russian home broadband user base was compromised, excluding mobile subscribers and customers in other countries where it operated, such as Australia, New Zealand, Kazakhstan, and Armenia. Kommersant discovered the breach through a source in the banking security sector, noting the data circulated on Telegram channels and other online platforms. This marked the second major breach of a Russian corporation reported by Kommersant within weeks, following their earlier coverage of a data leak impacting 60 million customers of Sberbank.
Beeline, which serves over 50 million subscribers across Russia, stated that only 3 million of those were broadband customers at the time of the 2019 disclosure. The company asserted that the 2017 breach did not involve financial information, payment card details, or sensitive authentication credentials. Beeline's public response focused on minimizing the incident's contemporary relevance by highlighting the historical nature of the data and the limited scope to inactive or former broadband users. No technical details regarding the attack methodology, intrusion vectors, or specific containment measures were disclosed publicly. The delayed disclosure between the 2017 breach discovery and the 2019 media exposure raised questions about transparency timelines, though Beeline did not elaborate on its internal investigation or legal actions against the identified perpetrators. Consequences included the unauthorized sale and distribution of customer records across underground platforms, exposing millions to potential phishing and social engineering risks. The incident underscored systemic cybersecurity challenges within Russia's telecommunications sector during this period, coinciding with other high-profile breaches affecting major national enterprises.