In May 2020, at the underground forum “Raidforums”, 25-year-old hacker from Holland (Databox) put up for sale a set of data that contains the name, gender, address and date of birth of Austria citizens. The police confirmed its authenticity. The data were stolen from an incorrectly configured cloud database that the attacker found through the search engine.
The set contains about 9 million data lines. The population of Austria is approximately 9.1 million people. According to the police, the hacker also put on sale similar sets of data from the inhabitants of the Netherlands, Italy, Great Britain, China, Colombia and Thailand. In addition, cybercriminal sold medical data from patients from these countries.
Data were disclosed in May 2020. The affected database belongs to the information service of the fees (FEE Info Service, from it. GIS) – an organization responsible for the collection of fees for television and broadcasting in the country.
It is reported that the company employee used GIS data during the test and left the database on the network without protecting it. Investigators said that the hacker found data through the search engine and added that the search engine was “not Google.”
Stolen information is registration – the main information that residents must provide to the authorities. Investigators managed to find out that this data set was sold to an unknown person.
Cybercockman was arrested in November 2022 in Amsterdam and is currently under investigation. The police said that the details of the incident were disclosed only now, so that they did not affect the investigation.