Russia. Communications provider Vimpelcom has officially announced that it is undertaking an active investigation, together with law enforcement authorities, in connection with several cases where a former employee of the company was found to have handed over confidential information to a third party.
The company stated that their system for protecting confidential information and personal data, which has been in place for many years, meant that attempts to make unlawful use of subscribers' personal data were exposed at an early stage. As a result, criminal acts were uncovered, which have been blamed on the 'human factor'. A criminal case has been brought against the former employee for crimes under article 137 (violation of the right to a private life) and article 138 (violation of privacy of correspondence, telephone conversations, postal, telegraphic or other messages) of the Russian Criminal Code.
Moreover, the press release notes that the company offers its apologies to the few affected subscribers whose personal data was made accessible to third parties. The company stands ready to continue to assist with the investigations into the situation, and is also prepared to consider compensation for victims once the investigations have been completed.
Rustem Khairetdinov, Deputy General Director at InfoWatch says: «We have already been cooperating with Vimpelcom for many years to minimize internal threats to information security, to which this incident can be attributed. One thing which should be highlighted in terms of Vimpelcom's policy towards such threats is the company's will and desire to see internal security incidents through to their logical conclusion: a trial and sentencing. Unfortunately, this is an exception rather than the rule within the market – the majority of companies prefer to "investigate themselves" and "not wash their dirty linen in public." Often, this reluctance to involve the security services in investigating internal incidents is linked to a lack of legally recognized internal investigation tools and mechanisms. We can only congratulate our colleagues from Vimpelcom on the fact that they have taken a further step towards a civilized information security market».
