Russia Charges Local Flight Booking Platform Following Data Breach

Top executives of Sirena-Travel JSC, the developer behind the Leonardo airline ticket reservation system, find themselves at the center of a criminal prosecution.

The charges arise from a data breach that compromised the personal information of countless airline passengers.

This article explores the unfolding situation and its implications for data security and the aviation industry in Russia.

Igor Roitman and Alexander Kalchuk, vice presidents of Sirena-Travel JSC, face severe allegations of failing to secure and protect critical computer information.

This security setback allegedly allowed hackers to access and collect the personal data of airline passengers without authorization.

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

The breach has raised serious concerns about the safety of passenger information and the integrity of Russia’s critical information infrastructure.

Investigation Unfolds

The criminal case against Roitman and Kalchuk was initiated on April 4, following an investigation by the T (transport) department of the Economic Security Service (SEB) of the FSB.

The charges brought against them fall under Part 5 of Art. 274.1 of the Criminal Code of the Russian Federation deals with violating rules for operating, storing, processing, and transmitting protected computer information within the Russian Federation’s critical information infrastructure.

The investigation has revealed that between August 25 and September 15, 2023, unidentified individuals exploited vulnerabilities in the Sirena-Travel information systems using sophisticated hacking tools.

This breach compromised passengers’ data and significantly harmed the Federal Service for Technical and Export Control (FSTEK) and the passengers.

Despite the gravity of the accusations, the court opted not to place the defendants in pre-trial detention, a move supported by the investigation.

Instead, Roitman and Kalchuk have been subjected to restrictive measures, including a ban on leaving their apartments during specific hours, communicating with witnesses or company employees, and visiting the Sirena-Travel office.

The defense has vehemently denied the clients’ involvement in the crime, asserting their innocence and arguing against the necessity of harsh preventive measures.

Broader Implications

This case highlights the growing concerns over cybersecurity and personal data protection within Russia’s aviation industry.

The breach exposes vulnerabilities in Sirena-Travel’s systems and raises questions about the overall security of Russia’s critical information infrastructure.

The aviation industry and cybersecurity professionals will watch closely as the legal proceedings continue.

The outcome of this case could have far-reaching implications for how personal data is protected and how cybersecurity breaches are handled in the future.

The prosecutor’s office can appeal the court’s decision, indicating that this legal battle may be far from over.

As developments unfold, the focus will remain on ensuring the safety and security of passenger information and strengthening the resilience of critical information systems against cyber threats.

Secure your emails in a heartbeat! Take Trustifi's free 30-second assessment and get matched with your ideal email security vendor - Try Here

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.