Yandex internal security team uncovers data breach

Moscow and Amsterdam, the Netherlands, February 12, 2021 – Yandex (NASDAQ and MOEX: YNDX), one of Europe’s largest internet companies and the leading search and ride-hailing provider in Russia, today announced that a data breach had been discovered during routine screening by Yandex’s security team. An internal investigation revealed that an employee had been providing unauthorized access to users’ mailboxes for personal gain. The employee was one of three system administrators with the necessary access rights to provide technical support for the service. As a result of his actions, 4,887 mailboxes were compromised. No payment details held by Yandex were compromised.

Yandex’s security team has already blocked unauthorized access to the compromised mailboxes. We have contacted the mailbox owners to alert them about the breach and they have been informed of the need to change their account passwords.

A thorough internal investigation of the incident is under way, and Yandex will be making changes to administrative access procedures. This will help minimize the potential for individuals to compromise the security of user data in future. The company has also contacted law enforcement.

We apologize to the users who have been affected by this incident.

For customer support relating to this incident please contact incident@support.yandex.ru

Contacts:
Investor Relations
Yulia Gerasimova
Phone: +7 495 974-35-38
E-mail: askIR@yandex-team.ru

Media Relations
Ilya Grabovskiy
Phone: +7 495 739-70-00
E-mail: pr@yandex-team.ru