Cyberfraud in Russia has become so widespread that it has drawn the attention of President Vladimir Putin. At the end of 2025, Putin announced victory over cyberfraud, claiming fewer personal details were being leaked and that losses from telephone fraud were down 33 percent. The only problem was that these pronouncements—like those of other Russian officials—flew in the face of both independent statistics and earlier claims by the authorities.
Russia became a major target for hackers and scammers after the full-scale invasion of Ukraine in 2022. Now it was no longer just money that was the motivation, but politics too, as cybercriminals sought to destabilize government and commercial services and disrupt everyday life. There was a sharp increase in the number of cyberattacks on state agencies, banks, and big companies. At the same time, Western sanctions and the departure of international tech companies meant Russian companies and state agencies could no longer update their Western software and began using homegrown IT alternatives, often resulting in weaker cybersecurity.
This led to more thefts of databases containing personal details, which were regularly stolen and sold on cybercrime forums. This is not a new problem, but it has gotten worse amid the fighting in Ukraine. According to Russia’s biggest data protection companies, 311 databases were stolen and leaked online in 2022 (a fivefold increase on the previous year), rising to 420 in 2023 and 592 in 2024. While the Russian authorities downplayed the problem, they did not dispute that the situation had become worse. According to online watchdog and censor Roskomnadzor, there were 150 leaked databases in 2022, 168 in 2023, and 135 in 2024.
In 2025, it became a major political issue. Not only were the thefts undermining trust in Russian alternatives to Western online services that the authorities were advertising as safe and secure, but the stolen databases were being used by scammers, fueling public anger. Eventually, the Kremlin responded. In May 2025, a law was passed criminalizing the theft and publication of personal details, as well as introducing fines for companies on whose watch the leaks happened. In addition, data security requirements were tightened and cybersecurity regulations stepped up.
At the end of 2025, officials claimed victory. Sergei Boyarsky, the head of the State Duma’s committee on information policy, announced that the number of personal data leaks was thirteen times lower than in 2024. The Digital Development Ministry put out similar figures.
It’s impossible to reliably confirm these numbers: not least because many companies do not admit to hacks in order to minimize reputational damage. But they can be compared to independent assessments, as well as other official claims. In 2024, Roskomnadzor said there were 135 leaks, so a thirteen-fold drop should mean there were just ten or eleven leaks in 2025. But in October 2025, the minister for digital development said there had already been sixty-five leaks that year, while Roskomnadzor said there had been more than 100. Data from Russian cybersecurity firms also suggest the problem is still acute. In 2025, one such firm identified 225 data leaks from big companies. In other words, the claim that data leaks were thirteen times lower in 2025 is patently false.
In parallel with the leaks of personal details, telephone scams have multiplied, becoming the most common form of crime in Russia in 2025. The damage they cause is substantial and increases every year: according to state-owned Sberbank, telephone scammers stole 120 billion rubles ($1.53 billion) in 2022, over 250 billion rubles in 2023, and no less than 295 billion rubles in 2024.
The scammers use elaborate schemes and often attempt to scare people, which has become a lot easier amid Russia’s wartime crackdown on dissent. They sometimes pretend to be security officers to persuade their victims that, for example, their bank accounts have been hacked and money transferred to the Ukrainian armed forces—an offense that could lead to treason charges. As a result, frightened people end up transferring their savings, taking out loans, and even selling apartments.
Many of the scammers are particularly effective because they have access to leaked databases from which they can glean sensitive information like passport numbers or bank account details. Those who have been taken in by criminals include Russian celebrities and members of the elite, such as the pop singer Larisa Dolina and the son of the ex-head of Roskomnadzor.
The scale of the problem forced the Kremlin to respond. In 2025, Russia passed a package of “anti-scammer” laws. A second such package, which includes a controversial International Mobile Equipment Identity database and gives the authorities the power to disable mobile service on “suspicious” devices, is currently under discussion. In addition, Russia blocked voice calls on messaging apps Telegram and WhatsApp in August and began a total block of WhatsApp at the end of the year.
While officials claim they are winning the war against online fraud, there is plenty of data to suggest otherwise. Sberbank Deputy Chairman Stanislav Kuznetsov said that the amount of money being stolen by scammers was likely to increase over 20 percent in 2025 to as much as 360 billion rubles. And mobile operator MTS said that scam calls in Russia were up 30 percent in 2025.
For many years, cybersecurity in Russia was something only state agencies and big companies worried about. Most Russians never even adopted basic digital hygiene. However, the leaks of personal data and the epidemic of telephone scams have affected millions of ordinary people. Many are now afraid of answering calls from unknown numbers, and have to repeatedly warn elderly relatives about the risks of scammers.
All of this has fueled anger not only at the cybercriminals, but also at the authorities who for many years claimed domestic alternatives to Western IT services were safe and secure while introducing countless online restrictions in the name of security.
Despite its efforts, the Kremlin has been unable to get to grips with the burgeoning problem. The truth is that the Russian state simply does not have enough leverage over international hacker groups or the complex and sophisticated networks of telephone scammers. Some of the measures they have passed might make it harder for scammers and hackers to operate, but there is no sign of the trend reversing. Cybercriminals are usually very quick to adapt.
With its PR campaign about its supposed victory over cyberfraud, the Kremlin wanted to send a signal to Russian society that it had the situation under control and reassure people that all of its measures—even if they were unpopular (like the blocking of WhatsApp)—had been effective, and were only designed to improve people’s lives. In the Kremlin’s logic, pushing inaccurate data is simply a way of reducing public anger and legitimizing further online restrictions.
