diff --git a/app/models/ability.rb b/app/models/ability.rb
index 08fc5ac54..7ebfffc8b 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -54,10 +54,10 @@ class Ability
 can(:delete, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
 # Epp::Contact
- can(:info, Epp::Contact) do |c, pw|
+ can(:info, Epp::Contact) do |c, pw|
 c.registrar_id == @user.registrar_id || pw.blank? ? true : c.auth_info == pw ||
- c.transferred_passwords.include?(pw)
+ c.transferred_passwords.include?(pw)
 end
 can(:view_full_info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
 can(:check, Epp::Contact)
diff --git a/test/integration/epp/contact/info/base_test.rb b/test/integration/epp/contact/info/base_test.rb
index 09d0b0308..684b035dd 100644
--- a/test/integration/epp/contact/info/base_test.rb
+++ b/test/integration/epp/contact/info/base_test.rb
@@ -188,6 +188,43 @@ class EppContactInfoBaseTest < EppTestCase
 ENV["shunter_enabled"] = 'false'
 end
+ def test_contact_info_of_another_registar_should_be_hidden
+ contact = contacts(:jack)
+ assert_equal 'jack-001', contact.code
+ assert_equal [Contact::OK, Contact::LINKED], contact.statuses
+ assert_equal 'jack@inbox.test', contact.email
+ assert_equal '+555.555', contact.phone
+
+ contact.update(code: contact.code.upcase)
+ contact.reload
+
+ request_xml = <<-XML
+
+
+
+
+
+ jack-001
+
+
+
+
+ XML
+
+ post epp_info_path, params: { frame: request_xml },
+ headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+ response_xml = Nokogiri::XML(response.body)
+ assert_correct_against_schema response_xml
+ assert_epp_response :completed_successfully
+ assert_equal 'JACK-001', response_xml.at_xpath('//contact:id', contact: xml_schema).text
+ assert_equal 'ok', response_xml.at_xpath('//contact:status', contact: xml_schema)['s']
+ assert_equal 'No access', response_xml.at_xpath('//contact:email', contact: xml_schema)
+ .text
+ assert_equal 'No access', response_xml.at_xpath('//contact:voice', contact: xml_schema).text
+ assert_equal 'goodnames', response_xml.at_xpath('//contact:clID', contact: xml_schema).text
+ end
+
 private
 def xml_schema
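Review bot: The new test's name, `test_contact_info_of_another_registar_should_be_hidden`, misspells "registrar"; the method name is what shows up in test output and name-based filtering, so it should be `test_contact_info_of_another_registrar_should_be_hidden`. `contact.update(code: contact.code.upcase)` returns false and carries on when validation fails, so a fixture problem would only surface later as a confusing `'JACK-001'` mismatch; `contact.update!(code: contact.code.upcase)` fails at the cause instead. The masking assertions cover only `contact:email` and `contact:voice`; as the request frame appears to carry just the contact id with no auth info, it would also be worth asserting that the response contains no `contact:authInfo` element, so a regression that returns the password to a foreign registrar is caught by this test rather than going unnoticed. The heredoc's XML tags are not visible in this rendering, so the exact request frame cannot be confirmed from the hunk.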