Welcome to our August 2023 review of cyber attacks and data breaches, covering the most newsworthy security incidents across Europe.
This month’s blog features a huge data breach at the French unemployment agency Pôle emploi, another at the Dutch land registry Kadaster, and a series of DDoS (distributed denial of service) attacks on Italian banks.
Pôle emploi: 10 million data records compromised
The French unemployment agency Pôle emploi has notified the CNIL (Commission nationale de l’informatique et des libertés) of a data breach thought to have affected 10 million people.
According to a press release published on its website, job seekers registered in February 2022 and all former users of Pôle emploi are potentially affected, with their first and last names, and social security numbers compromised. Email addresses, phone numbers, passwords and bank details were unaffected.
The security firm Emsisoft listed Pôle emploi among the many victims of May’s MOVEit Transfer breach, in which the Russian Cl0p gang exploited a zero-day SQL injection vulnerability in Progress Software’s popular file transfer app MOVEit Transfer. Emsisoft has since removed Pôle emploi from its list of MOVEit victims.
Moreover, as BleepingComputer notes, Cl0p “has not yet published the French agency on its extortion site”, nor does Pôle emploi mention MOVEit in its press release. However, this omission could be due to Cl0p’s previous announcement that it “would not expose information obtained from government agencies”.
If the breach is indeed part of the attack on MOVEit Transfer, it makes Pôle emploi the second largest victim in terms of individuals affected, behind the US government contractor Maximus, which saw 11 million data records compromised as a result of the breach.
Whether or not Pôle emploi can be added to the list of victims, the MOVEit Transfer breach is the largest of the year so far: more than 1,000 organisations are now known to have been caught up in the breach, with over 60 million individuals affected.
Kadaster: 6.5 million data records compromised
A data breach at the Netherlands’ Cadastre, Land Registry and Mapping Agency, Kadaster, has resulted in the exposure of personal data relating to every homeowner in the country.
As with other national land registries, Kadaster maintains a database of property ownership. Its website has a search facility that enables anyone to enter an address to discover who owns it and how much they paid for the property.
There is also a second type of search, supposed to be available only to those organisations registered with the Chamber of Commerce – such as estate agents, lawyers, bailiffs and notaries. This type of search allows registered users to enter a name and find out individual addresses for a fee.
However, an investigation by RTL Nieuws found that anyone could register an account with Kadaster, using the details of any company registered with the Chamber of Commerce and any account number. Kadaster did not verify registrants’ identities: applications were approved within a day.
As RTL explains, anyone registered in this way could then browse more than 8 million addresses in the registry, of which 6.5 million are owner-occupied, and the invoice for the search fees would go to the company used in the application – not the person using the account.
Aleid Wolfsen, chairman of the Dutch Data Protection Authority, commented: “This leak posed a great danger to threatened journalists, activists and politicians. But also anyone who has to deal with an angry, stalking ex. Someone could suddenly show up on the doorstep to threaten them, or worse. We therefore immediately instructed the Land Registry to close this leak.”
Kadaster responded that it found this access to data “extremely worrying” and said it had “significantly strengthened” security controls with immediate effect.
Italian banks hit by DDoS attacks
The Italian cyber security agency, Agenzia per la Cybersicurezza Nazionale, has revealed that DDoS (distributed denial of service) attacks against at least five banks in early August resulted in services being unavailable.
According to Reuters, targeted banks included Intesa Sanpaolo, Monte dei Paschi di Siena, BPER Banca, FinecoBank and Banca Popolare di Sondrio, which were temporarily knocked offline after being flooded with high volumes of traffic over a period of eight hours.
The pro-Russia group NoName057(16) has taken responsibility for the attacks, citing Italy’s support for Ukraine as its motivation.
According to cybernews.com, a message on NoName’s Telegram channel said: “The worship of the Ukronazi idol continues in the Russophobic countries of the West…And we once again remind the Russophobic Italian authorities that such actions will not remain without our attention.”
NoName057(16) has been carrying out attacks on Nato members allied with Ukraine since the Russian invasion began last year, targeting infrastructure in Bulgaria, Denmark, France, Germany, Italy, Lithuania, Poland and Spain.