Personal data of 1.6 million mobile phone users appeared online in the second such leak in three months, government regulators acknowledged Tuesday.
The database, posted on Zhiltsy.net, included the full names and phone numbers of MTS subscribers in St. Petersburg and Bashkortostan, as well as residential addresses and passport data for some of them.
The leak, first reported by Vedomosti, came to the attention of authorities when Fyodor Ponomaryov, a resident of Ufa, filed a complaint Sunday after finding his information online.
The web site was down throughout Tuesday. Domain registrar Publicdomainregistry.com indicated that Zhiltsy.net was created in July and registered in the Australian town of Nobby Beach, but did not specify the owner's name.
MTS, which currently has 70 million subscribers, said the database goes back to 2006 and most of the numbers are no longer valid.
Indeed, calls to several numbers with Ufa's "917" prefix that remained on a cached version of the site revealed that many were no longer working.
"After the discovery of the list in 2006, MTS conducted an internal investigation and tightened procedures for dealing with customers' personal data," the company said in a statement to Interfax.
A source close to MTS told Vedomosti that law enforcement agencies were actually to blame for the leak. He did not elaborate.
Security services have the authority to request confidential information from companies, which accounts for many similar leaks. In May, data on donors to blogger Alexei Navalny's anti-corruption web site Rospil.info was leaked to third parties, including members of a pro-Kremlin youth movement, after the Federal Security Service requested it from Yandex.Dengi, which handled the transactions.
The Federal Mass Media Inspection Service confirmed on Tuesday that Zhiltsy.net was a mirror site for the short-lived Zhiltsy.ru, which popped online in 2006 but was subsequently shut down.
The watchdog said it was struggling to shut down the new site legally, Interfax reported. It did not comment on the fact that the site was already down Tuesday.
The troubling leak of MTS data comes just over three months after 8,000 text messages written by customers of competitor MegaFon appeared on the web.
MegaFon blamed the leak on a "technical malfunction," and said the number of messages — which ranged from mundane exchanges to tender love notes — were a drop in the bucket compared with the 2 million texts the company handles every hour.
The company apologized and offered compensation to the affected subscribers in the form of bonus packages. The federal media watchdog hit MegaFon with a 30,000 ruble ($1,000) fine, which the company has appealed.
Word of the new leak came a day before an international conference in Moscow on the protection of personal data, to be hosted by the Federal Mass Media Inspection Service on Wednesday.
The agency is lobbying the State Duma for authority to open criminal cases into data leaks — currently an exclusive prerogative of the prosecutors — and for stepping up punishments for such crimes, the watchdog's deputy chief Roman Sheredin told RIA-Novosti last Friday.