Contents:
The Ragnar Locker ransomware gang published data that they thought was from the Zwijndrecht municipality in Belgium, but the data actually belonged to Zwijndrecht police, a police department in Antwerp, Belgium.
Reports have emerged that this leaked data contained information on thousands of license plates, traffic fines, criminal records, personnel files, investigation reports, and more.
This data could expose people who reported crimes and abuse, which may compromise law enforcement operations and investigations.
Belgian media outlets have called this data leak one of the biggest in the country’s public service, exposing all the data Zwijndrecht police had from 2006 to September 2022.
Source: Zwijndrecht police statement on Facebook
The data leak at Zwijndrecht was the result of human error, according to Marc Snels, the chief of police at Zwijndrecht. They’ve notified all exposed individuals and are working on finding a better solution.
“No personal data had been leaked.” Snels, an associate with the company, told this statement to the local media.
“We try only to put it on the professional network, and occasionally, human errors happen. For example, fines and PVs have also been leaked. Also, photos of child abuse have been leaked as well. Of course, that is very painful.” – said the chief of Zwijndrecht Police.
The Impact Is Greater Than Stated
This network breach on Zwijndrecht has not impacted Belgium’s national police force but is still significant for its residents.
A Belgian security researcher, Kenneth Dée, published on the news website Het Laatste Nieuws that the attackers allegedly hacked into a poorly protected Citrix endpoint to access the police’s network.
Dée looked through publicly available data and found metadata, such as names and phone numbers, of people under covert police investigation.
The leaked files also include footage from traffic cameras. This information can be used to locate individuals at specific dates and times, potentially violating privacy.
This blatant violation of a US citizen’s privacy should be a wake-up call for the local police and how they handle citizens’ data. Hopefully, it will set things in motion toward making changes on that front.
The country’s data protection officer is not yet looking into the case, but the prosecutor has opened a criminal proceeding focusing on the hacking.
Belgian lawyer and privacy activist Matthias Dobbelaere-Welvaert told BleepingComputer that individuals could protect themselves by changing their license plates, ID cards, passports, etc.
“Changing your address isn’t easy, but it’s the best way to restore your credit,” Dobbelaere-Welvaert says. “After all, changes of address are listed in records for a long time. Even if you change all documents, the repercussions of this security incident could be for a lifetime, and theft of identity is no joke.”
Unfortunately, unless all police networks are perfectly secure, it is not safe to use them.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.