According to the police, the hacker tried to sell the personal information of almost every Austrian citizen.
In the context: For the second time in a week, the results of successful international law enforcement cooperation to combat cybercrime have become known. While not as big a deal as the downing of the Hive ransomware, the arrest of a hacker who sold the personal data of millions is yet another example of how fragile digital privacy is. It also shows the cost of human error to those who store our personal information.
This was announced by the Austrian police on Wednesday. arrest hacker from the Netherlands for selling the personal information of almost everyone in Austria. The investigation included cooperation between the authorities of different countries for two years.
An unnamed 25-year-old suspect from the Netherlands has allegedly put up for sale a data set containing the names, addresses, genders and dates of birth of nine million Austrians — virtually the entire population of the country. Reuters notes that the police arrested person in November but refrained from announcing it pending an ongoing international investigation that began with a data breach in 2020.
The hacker didn’t get the data with the malware. The Austrian newspaper Die Presse writes that he is simply seized when someone makes a mistake during a normal IT operation.
When Gebühren Info Service (GIS), which pays for Austrian broadcasting, hired a Viennese subcontractor to restructure its data in 2020, one of the company’s employees accidentally used the service’s real information during a test. GIS reported data theft in May 2020.
The hacker could have accessed it using a search engine, even though it wasn’t Google. As a result, the personal data of millions of Australian citizens remained publicly available online for about a week. When a DataBox on Raidforum.com offered to sell registration information about millions of Austrians in New Zealand, the New Zealand authorities bought it for four figures to prove it was from a GIS hack. The data layout style was consistent with GIS record keeping.
Police identified the suspect after securing a server in Germany from which they allegedly downloaded GIS data. The New Zealand bitcoin transaction also pointed the authorities to a hacker whom the police suspected of cybercrimes.
When Dutch police arrested a suspect in Amsterdam, they found 130,000 data banks containing personal information about people in Thailand, China, the Netherlands, Colombia and the UK, including medical records.