At a glance.
- Ukraine arrests suspects in data theft case.
- Sentences in Cyberbunker case.
- Ransomware affiliate suspect arrested in Romania.
- Her Majesty's Revenue and Customs self-reports data breaches to ICO.
Suspects arrested in stolen data ring.
Bleeping Computer reports that Ukrainian police have arrested fifty-one suspects accused of selling the stolen personal data of over 300 million individuals hailing from Ukraine, Europe, and the US. The police operation, dubbed “DATA,” also seized approximately one hundred databases of personal data and shut down one of the largest underground forums (the name of which has not been disclosed) peddling the data.
Serhiy Lypka, Head of the Department for Combating Crimes in the Field of Computer Systems, explained, “The attackers sold information on closed hacking forums, as well as on social networks and messengers...A total of 117 searches were conducted in different regions of Ukraine. As a result, more than 90,000 gigabytes of information were removed.” The operation is just the latest move in Ukraine’s efforts to fight cybercrime this year, following last month’s arrest of five suspects believed to be members of the 'Phoenix' mobile device hacking group, as well as the September shutdown of a network of call centers involved in a cryptocurrency scam.
Cyberbunker operators sentenced.
A German court has sentenced eight people for operating a web-hosting service supporting illegal sale of drugs, stolen data, and child pornography. Earning the moniker “cyberbunker'' because it was operating out of a former NATO bunker in southwestern Germany, the cybercrime ring was shut down in 2019, and the defendants are facing prison time ranging from one year to five years and nine months. Security Week explains that the operation was responsible for several large-scale cyberattacks, including a 2016 campaign that targeted over a million Deutsche Telekom routers, and the cyberbunker’s darknet network "Wall Street Market" was considered the second-largest underground marketplace in the world.
Romanian police arrest ransomware suspect.
Security Week reports that Europol and the Romanian National Police have arrested an individual involved in a ransomware operation targeting multiple influential Romanian organizations including an IT company providing services to organizations in the energy, retail, and utilities sectors. Upon breaking into the company’s systems, the attacker allegedly exfiltrated client data running the gamut from financial details to personal employee data, then deployed ransomware to encrypt the data. “The suspect would then ask for a sizable ransom payment in cryptocurrency, threatening to leak the stolen data on cybercrime forums should his demands not be met,” Europol stated. The investigation was assisted by the US Federal Bureau of Investigation.
HMRC data breach report discloses major incidents.
The Annual Report and Accounts recently published by Her Majesty’s Revenue and Customs (HMRC) shows that HMRC reported seventeen serious data breaches to the Information Commissioner’s Office (ICO) between January 2020 and March 2021. The data, analyzed by litigation firm Griffin Law, shows that over three thousand individuals were potentially impacted by personal data-related breaches. IBS Intelligence notes that In one of the most remarkable incidents, the data of over one thousand people were exposed when an HMRC employee modified customer records without authorization.
Griffin Law founder Donal Blaney commented, “This is further evidence that HMRC needs to be reined in...Such abuse of its powers, and such criminality, should be investigated to the fullest extent possible by the Information Commissioner and the police if taxpayers are to retain any confidence in HMRC.” In the report, HMRC stated, “Protecting customer data is important to us, and we monitor our processes continually to prevent recurrences. In addition, HMRC is delivering enhanced data security, governance and reporting across the department.”