The Ministry of Digital Development, Telecommunications and Mass Communications of the Russian Federation has not confirmed a data breach at the Voskhod Research Institute, a facility under the Federal State Autonomous Agency. Reports about the breach originated from a media outlet and were later echoed by officials referencing the ministry. An official familiar with the inquiry described the situation to a representative of the department, noting that the matter is still under careful review rather than settled as an incident of confirmed leakage.
According to this source, an internal audit is underway, conducted in collaboration with the Federal Security Service and the Voskhod Institute itself. At this stage, no definitive confirmation has been issued that data was exposed or accessed unlawfully. The collaboration signals a thorough and coordinated response to assess any potential risk to sensitive information and to determine the scope of any security gaps that may exist within the institution’s networks.
The representative added that no data appeared publicly on the internet. There was mention of unusual activity detected within the organization’s internal network, which prompted investigators to initiate deeper forensic checks. The materials in question are safeguarded in encrypted form, with the decryption keys reportedly kept under control by a centralized государственный орган responsible for security and issuance of secure credentials. This arrangement is cited as a protective measure intended to prevent unauthorized decryption or misuse of biometric data that might be stored by the institution.
Earlier, a Telegram channel known for circulating insider information claimed that biometric data belonging to residents of Russia, Kazakhstan, and Belarus had been compromised at Voskhod. This report was proposed as a lead from various sources and is the focus of continued verification by the ministry and affiliated bodies. The situation illustrates the ongoing sensitivity around biometric privacy and the importance of robust, verifiable security controls in state-supported research facilities.
Separately, representatives from Sberbank had stated that the hacking of its systems and the spread of leaked data, as described in some online discussions, do not align with the facts. They emphasized that the data allegedly exposed on public hacker resources are not a direct reflection of current security breaches. In their assessment, the information circulating online appears to be a compilation drawn from older incidents involving contractors and related subsidiaries. This clarification underscores the difficulties in distinguishing between real-time intrusions and compiled datasets that reappear in different contexts, especially when linked to widely used financial services and supertypical accounts of cyber incidents. A cautious approach to interpreting such claims is advised until official investigations provide a clear, authenticated picture of what happened and what safeguards are in place to protect customer information, including biometric identifiers.