Tag: sensitive data

Germany: Large Data leak reveals Personal Data of more than 3 Million Customers

27. January 2020

The German car rental company Buchbinder is responsible for leaking Personal Data of more than 3 Million customers from all over Europe. The data leak exposed more than 10 Terabyte of sensitive customer data over several weeks without the company noticing it.

A German cybersecurity firm was executing routine network scans when it found the data leak. The firm reported it twice to Buchbinder via e-mail, but did not receive a reply. After that, the cybersecurity firm reported the leak to the Bavarian Data Protection Authority (DPA) and informed the German computer magazine c’t and newspaper DIE ZEIT.

According to c’t, a configuration error of a Backup-Server was the cause of the leak. The Personal Data exposed included customers’ names, private addresses, birth dates, telephone numbers, rental data, bank details, accident reports, legal documents, as well as Buchbinder employees’ e-mails and access data to internal networks.

The data leak is particularly serious because of the vast amount of leaked Personal Data that could easily be abused through Spam e-mails, Fraud, Phishing, or Identity theft. It is therefore likely that the German DPA will impose a GDPR fine on the company in the future.

Buchbinder released a press statement apologising for the data leak and promising to enhance the level of their defense and cybersecurity system.

Massive data breach in Sweden: Millions of Health Hotline Calls exposed online

22. February 2019

Recently around 2.7 million sensitive phone calls were uncovered by Swedish technology news site Computer Sweden. In total, 170,000 hours of conversation were available online on an unencrypted web server. The server had no login mechanism so the recorded calls could be accessed freely.

Sweden operates a national health advice line (1177), which is run by Swedish company Medhelp. For out-of-hour calls they subcontract with a Thailand-based firm called Medicall. According to repords, most of the uncovered calls were made outside the regular times and therefore answered by Medicall. A request from the BBC left Medicall unanswered.

The uncovered data is extremely private as People usually call 1177 seeking medical advice, talking about their symptoms, their kids’ illnesses and giving out their social security number.
The Swedish Data Protection Authority is currently investigating the case.

France: Intelligence agency officer caught selling sensitive police data

9. October 2018

A massive case of misuse of confidential data from security authority surveillance systems has been uncovered in France. After the French customs tracked down an illegal marketplace called “Black Hand” in June, the investigators also found data that was sold by an anonymous user called “Haurus”. Haurus sold for example confidential documents and information from national police databases.

Meanwhile the investigators gleaned the identity of the hacker with the help of specific codes attached to the data. According to French newspaper “Le Parisien”, Haurus is an officer at the “Direction générale de la sécurité intérieure” (DGSI), a French intelligence agency. The DGSI is normally in charge of counter-terrorism, countering cyber-crime and surveillance of potentially threatening groups and organisations.

According to the reports, the agent offered services in exchange for bitcoin. For example, he advertised to track the location of buyer’s gang rivals or spouses based on the telephone number or he offered to tell them, if the French police tracked them. The investigators believe that he used the resources, which the French police uses to track criminals.

Haurus was arrested at the end of September and faces up to seven years in prison and a fine up to 100.000€.

Category: Cyber security · EU
Tags: ,