A hacker tried to sell the personal information of nearly every Austrian citizen, police say

In context: The outcomes of profitable worldwide cooperation between legislation enforcement businesses preventing cybercrime grew to become recognized for the second time this week. Whereas not as massive a case because the Hive ransomware bust, the arrest of a hacker promoting the private information of hundreds of thousands gives one other instance of how fragile digital privateness is. It additionally exhibits the price of human error from those that home our private info.

On Wednesday, Austrian police introduced the arrest of a hacker within the Netherlands for promoting the private info of just about everybody dwelling in Austria. The investigation concerned collaboration between authorities in a number of international locations over two years.

The unnamed 25-year-old Dutch suspect allegedly listed a dataset on the market on-line containing the names, addresses, genders, and dates of start of 9 million Austrians – nearly the nation’s whole inhabitants. Reuters notes that police arrested the person in November however held off asserting it pending an ongoing worldwide investigation that began with a knowledge breach in 2020.

The hacker did not purchase the information utilizing malware. Austrian newspaper Die Presse writes that he merely seized upon a mistake somebody made throughout a routine IT operation.

When the Gebühren Information Service (GIS), which handles Austrian broadcasting charges, employed a Vienna subcontractor to restructure its information in 2020, one of many firm’s workers unintentionally used the service’s actual info throughout a check. The GIS reported the information theft in Could 2020.

The hacker could have accessed it utilizing a search engine, though it was not Google. In consequence, the private information of hundreds of thousands of Australian residents was left publicly accessible on-line for a couple of week. When somebody named “DataBox” on Raidforum.com provided to promote registry info on hundreds of thousands of Austrians in New Zealand, NZ authorities purchased it for a four-figure sum to substantiate that it got here from the GIS breach. The info’s composition type matched GIS record-keeping.

Police recognized the suspect after securing a server in Germany from which they allegedly downloaded the GIS’s information. The New Zealand bitcoin transaction additionally pointed authorities to the hacker, who the police suspected of cybercrimes.

When Dutch police arrested the suspect in Amsterdam, they discovered 130,000 information banks containing private info on individuals in Thailand, China, the Netherlands, Columbia, and the UK, together with medical data.