The data of 8.7 million customers from Russian internet service provider Beeline is being sold and shared online, Russian media reported today.
The data contains personal details such as full names, addresses, and mobile and home phone numbers.
Beeline, a Russian telecommunications company with clients in Russia, all of Asia, and Australia, admitted to the breach.
Speaking to Russian news agency Kommersant, which first reported the security incident, the ISP said the breach happened in 2017 and that they found the persons responsible at the time, although they never made the hack public.
The Russian telco said the data only included details on Russian customers who signed up for home broadband connections, before November 2016.
The vast majority of the leaked data was from users who are not Beeline customers anymore, the company said. Customers in Australia, New Zeeland, Kazahstan, Armenia, or other countries where the ISP has a presence, were not impacted.
Beeline has more than 50 million subscribers in Russia but said that only 3 million are broadband customers, with the bulk being mobile subscribers.
Kommersant said it learned of the breach from a source in the banking security sector. The data was being shared online, including on Telegram channels.
This is the second major data breach impacting a Russian company the newspaper reported this month. Last week, Kommersant said it found an online ad selling the personal and card details of more than 60 million customers from Sberbank, one of Russia's largest banks.
These are the worst hacks, cyberattacks, and data breaches of 2019 (so far)