Dutch investigators have arrested a man accused of stealing and selling personal information from millions of people around the world. According to information from the Austrian Federal Criminal Police Office, the 25-year-old Dutchman was arrested in November. The case was only published on Wednesday by the public prosecutor in Amsterdam.
According to the information, there is a strong suspicion that the arrested person offered for sale confidential data that had been stolen for a long time, including patient data from medical records. It should be about data from people from the Netherlands, Austria, Thailand, Colombia, China and Great Britain.
In Austria, even all residents were affected because the entire population register was offered for sale in 2020. The registry operator, the Ministry of the Interior, denied having been hacked. The suspicion fell on the ORF subsidiary GIS (Fees Info Service), which is responsible for collecting broadcasting fees and therefore has access to the entire population register. The GIS referred to an ISO certification of their IT systems and denied any omissions.
Reporting data from the GIS – indirectly
It is now clear that the population register came from the GIS, but was probably not tapped at the GIS. As the Austrian Broadcasting Corporation (ORF) reports, citing the Austrian Federal Criminal Police Office, GIS has left the entire population register to an IT service provider, who has placed the data on a server completely unprotected. The Dutchman may have found and downloaded the population register there, without any sophisticated hacking methods.
The Austrian Federal Criminal Police Office and the secret service have been investigating since 2020 and were finally able to find the man’s home address in Amsterdam. During house searches in Amsterdam and Almere, the Dutch colleagues seized considerable amounts of hardware and software. The criminal platform through which the data was offered for sale has now been closed.
The question remains why the GIS receives the entire population register with all nine million inhabitants and not an extract limited to those potentially liable for fees. From next year everything will be different again: Based on a decision by the Constitutional Court (VfGH), all Austrian households and companies with internet access will then have to pay ORF fees – if the legislator does not take action. The future of Austrian broadcasting fees is thus open.
(ds)
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/PKH2KSLQ2NC2TF7PAKCHH335NQ.jpg)
