Hackers are well known to nab customer data held by companies, but obtaining the personal data of pretty much all of the residents of a single nation in one fell swoop takes the nefarious practice to a whole new level.
The remarkable feat was allegedly performed by a 25-year-old Dutch hacker who, when arrested by police, had in his possession personal data linked to pretty much every resident of Austria — about nine million people.
The suspect was actually arrested in November, Reuters reported, but Austrian police only revealed details of the case this week to protect its long-running investigation.
Nine million data sets linked to Austrian residents were offered for sale on an online forum in May 2020. The data included the full name, gender, complete address, and date of birth “of presumably every citizen,” the police said.
According to Reuters, the information is what’s known as “registration data,” which residents of Austria are required to give to the authorities. The alleged hacker obtained the data after exploiting a glitch at a Viennese IT company that had temporary access to the information, local media reported.
The accused was apparently also trying to sell similar data sets linked to the populations of Italy, the Netherlands, and Colombia, though it’s not clear how many residents in each of these countries were caught up in the hacks.
Police arrested the suspect in an apartment in Amsterdam. According to reports, he is already known to international police and is currently being investigated by the Dutch authorities.
“Since this data was freely available on the internet, it must absolutely be assumed that these registration data are, in full or in part, irrevocably in the hands of criminals,” Austrian police said.
- Ransomware attacks have spiked massively. Here’s how to stay safe
- No, 1Password wasn’t hacked – here’s what really happened
- Hackers have found a way to hack you that you’d never expect
- Chrome extensions with 1.4M users may have stolen your data
- Google just thwarted the largest HTTPS DDoS attack in history