Acsour.com_ENG

Data breaches in 2025: rising fines and growing business risks

Legal Digest News
In 2025, Roskomnadzor continues to report on large-scale personal data breaches, while new legislation imposes stricter penalties for non-compliance. Companies failing to comply with data processing regulations now face multimillion-ruble fines.

Key Developments

According to Roskomnadzor, 30 personal data breaches were recorded in the first four months of 2025. The agency received 29 breach notifications from businesses, conducted follow-up audits, and issued nine administrative violation reports. Courts have ruled on five cases to date, imposing fines totaling 240,000 rubles and issuing one official warning.

Earlier, in March, Roskomnadzor disclosed that 19 breaches in January and February alone exposed over 24 million records containing Russian citizens’ personal data.

New Penalties Effective May 30, 2025

Starting May 30, 2025, fines for personal data violations will increase significantly:

  • Up to 5–10 million rubles, depending on the scale of the breach;
  • Recurring violations will trigger revenue-based fines.

Miloš Wagner, Deputy Head of Roskomnadzor, emphasized that companies voluntarily reporting breaches before May 30 could be eligible for reduced penalties. After this deadline, enforcement measures will significantly tighten.

Business Implications

Tighter regulations mean any company handling customer, employee, or counterparty data faces heightened risks, including:

  • Financial penalties – including fines of up to 10 million rubles and revenue-based sanctions;
  • Reputational harm – as breaches undermine client and partner trust;;
  • Operational disruptions – Roskomnadzor may restrict access to non-compliant websites or services.

Mitigating the Risks

To avoid penalties and safeguard data, businesses must:

  1. Audit current personal data processing practices.
  2. Ensure documentation complies with Federal Law No. 152-FZ and Roskomnadzor regulations.
  3. Implement technical safeguards – encryption, access controls, and DLP systems.
  4. Train employees on proper personal data handling procedures.

How Acsour Can Help

Acsour provides comprehensive personal data protection solutions, including compliance audits and security system implementation.

Request a consultation, and our experts will develop a customized solution for your business.