A database containing the personal information of thousands of Americans who have applied for Russian visas in the United States appears to have been hacked over the holiday weekend.
The person who claims to have breached the computer systems of the Russian Visa Center, who goes by the name Kapustkiy, shared a screenshot of the stolen information with BuzzFeed News. The screenshot contains the names, email addresses, and phone numbers of dozens of people. Kapustkiy, who said he is part of a group called New World Hackers that assisted with the breach, claims he has information tied to thousands more, but will not publicly disclose them. “I want administrators to secure their things better and understand the consequence of a data breach,” he said in a Twitter direct message.
Kapustkiy describes himself as an ethical hacker who finds vulnerabilities in websites. He said he is 17 years old.
BuzzFeed News attempted to contact every person listed in the screenshot. Five people confirmed that they have applied for Russian visas.
John Shoreman, an attorney for the Russian Visa Center, told BuzzFeed News that the personal contact information of thousands of visa center customers was likely exposed. Run by an American company called Invisa Logistic Services, the visa center helps Americans secure necessary travel documents to Russia, including setting up appointments for applicants to meet with Russian consulate officials. Shoreman said the appointment scheduling system was likely targeted.
“The security services are saying that the visa website itself was not hacked, but the calendar may very well be the subject of a hacking,” Shoreman told BuzzFeed News. “ILS shares a calendar of appointments with the consulate office of the Russian embassy and apparently that’s where these 3,000 names came from — it came from a calendar of appointments.”
Shoreman confirmed that at least some of the customers listed in the screenshot are Russian Visa Center customers, but he does not know if all of them are. The American customers swept up in the data breach could also be customers of other organizations.
“Certainly there are customers of ILS on that screenshot, I know that for a fact,” Shoreman said. “The question is are they all customers of ILS or are they people that are either customers of the embassy or customers of other visa expeditors who also have access to the system.”
The Russian Visa Center, which operates in Washington, New York, San Francisco, Seattle, and Houston, will contact all of its customers — numbering in the tens of thousands — in the next 48 hours to notify them of the data breach, Shoreman said. Customers will be advised to change their email passwords and to look out for phishing scams.
According to Shoreman, the Russian Visa Center is also in the process of notifying the FBI and the Department of Homeland Security.
When reached over the holiday weekend, a spokesperson for the Russian embassy referred BuzzFeed News to the Russian Visa Center.
Kapustkiy claims that on the night of the hack he notified Homeland Security’s Computer Emergency Readiness Team, known as US-CERT, an organization that analyzes and responds to cyber threats. Kapustkiy provided BuzzFeed News with what appears to be a screenshot of a confirmation email from US-CERT. The Department of Homeland Security did not respond to a request for comment.
The Russian Visa Center is run by an American company called Invisa Logistic Services. A previous version misstated the name of the company.
Hamza Shaban is a technology policy reporter for BuzzFeed News and is based in Washington, DC.