Sophos: Hacker posts confidential information about 6 millions chileans online
May 2008 by Sophos
IT security and control firm Sophos is reminding organisations around the world about the importance of data security following news that a hacker in Chile has posted personal details about six million Chileans online. The news comes as the information commissioner in the UK moves to impose unprecedented fines on companies that deliberately or recklessly breach data protection rules.
According to reports in the Chilean media, the hacker, known as ’Anonymous Coward’ hacked into government and military servers and stole data including ID card numbers, addresses, telephone numbers, emails and academic records. He then posted the information on a Chilean technology blog before the owners of the site contacted authorities and removed the links. The Chilean newspaper El Mercurio reported that the hacker had committed the offence in order ’to demonstrate how poorly protected data in Chile is’.
"While Chile may be on the other side of the world, the scale of this data breach should not be ignored," said Graham Cluley, senior technology consultant for Sophos. "No matter how moral or ethical the hacker’s motives, this prank was irresponsible and has left almost 40 percent of Chile’s population at risk of identity theft. Organisations around the world need to take this issue seriously and defend against these risks. Whether or not the loss results in a fine is almost irrelevant - the consequences of falling victim to such an attack can be much more far reaching including irreversible damage to reputation and customer confidence."
Sophos experts note that while the scale of the Chilean breach was much smaller than the HMRC disaster last year (details of 25 million UK families were lost in this instance), the fact that the information was posted online, however briefly, increases the risks of identity fraud.