Leaksear.ch has indexed 728 booking and visa application records tied to Russian National Tourist Office Ltd, also referred to as RNTO UK, with the breach date recorded as January 25, 2022 (leaksear.ch metadata). The dataset description says the records were scraped from an exposed directory on an RNTO UK server and include applicant names, passport numbers, postal addresses, visa dates, booking references, and pricing (leaksear.ch metadata).
What happened
Leaksear.ch metadata attributes the exposure to an exposed server directory. The metadata does not identify ransomware, a third-party processor compromise, or credential theft as the cause (leaksear.ch metadata).
Companies House records show IBS VP Limited was named Russian National Tourist Office Limited from March 30, 2004 to March 17, 2022, so the January 25, 2022 breach date falls during the RNTO company-name period (find-and-update.company-information.service.gov.uk). The public Visit Russia site describes the Russian National Tourist Office as a travel business founded in 1997 with London operations, and its visa page says the London-based Russian visa processing centre handles tourist, private, business, work, and student visa applications (visitrussia.org.uk, visitrussia.org.uk).
The exposure method, scale, breach date, and field list in this article come from leaksear.ch indexing metadata. Public sources cited here provide organizational and risk context.
What data was exposed
According to the leaksear.ch index, the searchable fields are address, name, and username (leaksear.ch metadata). Other stored fields include booking reference, cardholder name, delivery method, entries and processing time, first name, request date, service requested, source file, surname, total price, and visa start and end dates (leaksear.ch metadata).
The dataset description also lists passport numbers and postal addresses among the exposed applicant data (leaksear.ch metadata). The indexed field list includes cardholder names and total prices, but it does not list passwords, password hashes, payment card numbers, or CVVs (leaksear.ch metadata).
Why this matters
For affected individuals, full names plus addresses, passport numbers, visa windows, and booking references can make phishing or phone scams look specific and credible. The UK NCSC warns that criminals use breached personal information to craft phishing messages that appear legitimate, and the ICO says stolen names and addresses can be used in identity theft and fraud (www.ncsc.gov.uk, ico.org.uk). Security teams should treat this as exposure of travel-document and visa-process data, especially where applicants are employees, executives, journalists, or people whose travel history is sensitive. If you may have applied through RNTO UK or Visit Russia, check whether your name, address, or username appears in this leak before responding to unexpected visa, travel, or payment messages.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, name, and username.