Russia’s Crackdown on the "Probiv" Data Market Backfires as Leaks Intensify
A recent crackdown by Russian President Vladimir Putin on the probiv market a shadowy network trading leaked personal data has exposed the contradictions of authoritarian data control. The market, which emerged from Russia’s corrupt state infrastructure over the past decade, has long served as an unofficial tool for police, journalists, and criminals, offering everything from passports ($10 in some cases) to metadata.
Journalists have relied on probiv for investigations, including probes into the FSB’s role in the poisoning of Kremlin critic Alexei Navalny. Yet, while the system was illegal, it remained deeply embedded in law enforcement operations, often proving more efficient than official databases. As journalist Andrei Zakharov noted, the paradox of modern Russia is that these illicit services were both condemned and indispensable.
The Kremlin’s shift in stance followed Russia’s invasion of Ukraine, when data leaks became a strategic liability enabling fraud, foreign intelligence operations, and even targeted killings. The turning point came when a close associate of Putin fell victim to a phone scam, prompting a renewed crackdown. Authorities scored a victory by arresting Kirill Mironov and Mikhail Seifetdinov, creators of the Solaris data-trading platform. Both had ties to Russia’s security apparatus: Mironov worked for a federal agency, while Seifetdinov, a former Defense Ministry employee, had received awards for his work on missile defense systems.
Despite these arrests, experts warn the crackdown may have backfired. Zakharov argues that severing ties between brokers and security services has removed restraints, leading to a surge in high-profile leaks. Recent breaches include the FSB Kordon-2023 database, detailing border crossings over nine years, and an Alfa Bank client database exposed by the Ukrainian hacker group KibOrg. With brokers now operating beyond Russia’s reach, the market appears more brazen than ever.
The incident underscores a broader lesson: when insider abuse and weak access controls go unchecked, personal data becomes a weapon whether against individuals, corporations, or states. Russia’s struggle to rein in probiv reveals the fragility of data integrity in systems where corruption and convenience often override security.
Alfa Bank TPRM report: https://www.rankiteo.com/company/alfa-bank
Ministry of Defense TPRM report: https://www.rankiteo.com/company/ministry-of-telecom-and-mass-communications-of-the-russian-federation
"id": "alfmin1768300194",
"linkid": "alfa-bank, ministry-of-telecom-and-mass-communications-of-the-russian-federation",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Illegal Data Market',
'location': 'Russia',
'name': 'Solaris Platform',
'type': 'Data Brokerage'},
{'customers_affected': "Clients' database exposed",
'industry': 'Banking',
'location': 'Russia',
'name': 'Alfa Bank',
'type': 'Financial Institution'},
{'customers_affected': 'Individuals who crossed Russian '
'borders over nine years',
'industry': 'National Security',
'location': 'Russia',
'name': 'FSB Kordon-2023',
'type': 'Government Database'}],
'attack_vector': ['Insider Abuse',
'Corrupt Officials',
'Dark Web Marketplaces'],
'customer_advisories': 'Individuals should monitor for identity theft and '
'fraud due to widespread exposure of personal data.',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information',
'Banking Data',
'Border Crossing Records']},
'description': "Russia's crackdown on the probiv market, an illegal network "
'trading leaked personal data, following increased fraud risks '
'and national security concerns. The market, used by police, '
'journalists, and criminals, has been a paradoxical tool for '
"both state control and corruption. The government's efforts "
'to dismantle it have had mixed success, with some brokers '
'migrating abroad and continuing operations.',
'impact': {'brand_reputation_impact': 'Erosion of public trust in state '
'institutions',
'data_compromised': ['Passports',
'Metadata',
'Personal Identifiable Information',
'Bank Client Data',
'Border Crossing Records'],
'identity_theft_risk': 'High',
'operational_impact': 'Increased fraud and targeted killings '
'enabled by leaked data',
'payment_information_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
'high_value_targets': ['Government databases',
'Banking data']},
'investigation_status': 'Ongoing',
'lessons_learned': 'Data integrity is critical to national security. Insider '
'abuse and lack of access controls can turn personal data '
'into a weapon for fraud, espionage, and targeted '
'operations.',
'motivation': ['Financial Gain',
'Espionage',
'Fraud',
'National Security Risks'],
'post_incident_analysis': {'corrective_actions': ['Legal crackdowns',
'Arrests of key brokers',
'Bolstering data protection '
'laws'],
'root_causes': ['Corrupt state infrastructure',
'Insider abuse',
'Lack of access controls',
'Migration of brokers abroad']},
'recommendations': ['Strengthen access controls',
'Monitor insider threats',
'Enhance regulatory oversight of data markets',
'Improve cross-border data protection cooperation'],
'references': [{'source': 'The Guardian'},
{'source': 'Heath Renfrow (Fenix24)'},
{'source': 'Andrei Zakharov (Journalist)'}],
'regulatory_compliance': {'legal_actions': ['Arrests of data brokers'],
'regulations_violated': ['Russian Data Protection '
'Laws']},
'response': {'containment_measures': ['Arrest of key brokers (Kirill Mironov '
'and Mikhail Seifetdinov)',
'Legal crackdown on data brokers'],
'law_enforcement_notified': 'Yes'},
'stakeholder_advisories': 'Government and financial institutions should '
'reassess data security measures due to heightened '
'risks from leaked data.',
'threat_actor': ['Corrupt Officials',
'Bank Workers',
'Data Brokers',
'Criminals'],
'title': 'Crackdown on Probiv Market in Russia',
'type': ['Data Leak', 'Fraud', 'Insider Threat'],
'vulnerability_exploited': ['Lack of Access Controls',
'Insider Threats',
'Data Corruption']}