In recent years, a large-scale shadow market for personal data has emerged in Russia. The Kremlin long served as a hub for hackers, who accessed closed databases through corrupt government officials. Prior to the war, authorities tolerated this market and made use of it themselves. However, since 2022, there has been a crackdown: arrests of hackers, darknet market closures, and tough new laws have failed to restore control. Instead, the market has slipped further from state oversight.
The scale is staggering: the annual turnover was estimated at 15 billion rubles. Police officers, mobile operator employees, tax officials, and even medical staff sold passport, banking, and telecom information, as well as border-crossing data. This operated both in public Telegram bots and in closed B2B systems for 'professionals.'
The war in Ukraine fueled widespread scams using stolen data, making it harder to protect citizens and even affecting senior officials. The FSB conducted major operations against hacker groups and darknet platforms ('Hydra', RMShop, USA Store, etc.), seizing cash and cryptocurrency worth hundreds of millions of dollars. However, arrests of law enforcement officials who protected cybercriminals did not stop massive data leaks, which rose further in 2023–2024.
An informal agreement exists: Russian hackers are not persecuted if they do not harm Russia or its allies, and are ready to work for the government. But attempts by authorities to tighten control led to a new wave of breaches and operators moving abroad.
Today, Russia's personal data market has become an uncontrollable threat to the Kremlin, a tool for foreign intelligence, and a daily risk for citizens. The surge of corruption and cybercrime questions the effectiveness of repressive information control, which failed to protect its own data resources.
