Dutch suspect locked up for alleged private information megathefts – Bare Safety

The Public Prosecution Service within the Netherlands [Dutch: Openbaar Ministerie] has simply launched details about an unnamed suspect arrested again in December 2022 for allegedly stealing and selling private information about tens of thousands and thousands of individuals.

The victims are stated to dwell in nations as far aside as Austria, China, Columbia, the Netherlands itself, Thailand and the UK.

Apparently, the courts have taken a strict strategy to this case, successfully holding the arrest secret from late 2022 till now, and never permitting the suspect out on bail.

In line with the Ministry’s report, a court docket order about custody was made in early December 2022, when the authorities got permission to maintain the suspect locked up for an additional 90 days, which means that they’ll maintain him till a minimum of March 2023 as work on his case continues.

The suspect is being investigated for a number of offences: possessing or publishing “personal” information, possessing phishing software program and hacking instruments, laptop hacking, and cash laundering.

The prosecutors declare that he laundered near half-a-million Euros’ value of cryptocurrency throughout 2022, so we’re assuming that the court docket thought of him a flight danger, determined that if launched he would possibly be capable of destroy proof and, presumably, thought that he would possibly attempt to warn others within the cybercrime boards the place he’d been energetic to start out masking their tracks, too.

Governmental breach?

Intriguingly, the investigation was triggered by the looks on a cybercrime discussion board of a multi-million document stash of private information referring to Austrian residents.

These information data, it appears, turned out to have a standard supply: the corporate chargeable for amassing radio and TV licence charges in Austria.

Austrian cops apparently went undercover to purchase up a duplicate of the stolen information for themselves, and within the means of doing so (their investigative strategies, unsurprisingly, weren’t revealed) recognized an IP quantity that was by some means related to the username they’d handled on the darkish net.

That IP quantity led to Amsterdam within the Netherlands, the place the Dutch police took the investigation additional.

Because the Dutch Ministry writes:

The group has robust indications that the suspect was working underneath that consumer identify and that he had, for a very long time, been providing personal private information – together with affected person information from medical data – on the discussion board for cost underneath that identify. […]

With the theft of huge quantities of digital information, combining totally different databases and buying and selling entry to this information, increasingly more criminals know the place an individual lives, performs financial institution transactions, what automotive they’ve, what their password is, what cellphone numbers they’ve, the place they work, go to highschool and so on. The place it was obligatory to watch individuals for weeks to establish the suitable sufferer, now a push of a button suffices.

What subsequent?

We’ll let you realize if and after we study extra about this case.

We all know for certain that the Dutch police and prosecutors aren’t going to lose curiosity, as a result of the Ministry concludes its annoucement with these phrases:

This sort of prison exercise not solely grossly violates the privateness of thousands and thousands of individuals but in addition causes monetary harm to people and companies. Police and prosecutors are dedicated to preventing this complicated type of crime by detecting and prosecuting cybercriminals.

However we will’t assist questioning whether or not the Austrian radio and TV licence price assortment firm would possibly entice the curiosity of investigators of various type, this time from the Austrian information safety regulators slightly than the police.

Though firms that undergo breaches are undeniably cybercrime victims themselves, they generally find yourself in authorized bother of their very own if the regulator types the opinion that they may and may have executed extra to guard their prospects.

In spite of everything, because the Dutch prosecutors level out, it’s the people whose information really will get stolen who’re the first victims right here.