District Prosecutor’s Office in Warsaw published a communication, which describes in more detail fundraiser leakage of data, which we wrote about yesterday. Recall representatives of departments went to five office bailiff, took computers and data carriers. As for the proceedings concerning the leak gigantic amounts of data from the Social Security database.
From the official statement that it is certain that the Data derived fraudulently . Log analysis shows that the information was gained by malicious software or scripts. We also know that dealings lasted from March 2015. As a result, only one office leaked data 802 thousand. people. This means that the leak may be larger – screening takes place for a total of five offices in Warsaw and Lodz.
The proceedings are criminal in nature and relates to the bailiffs, who “made possible access to the database Social Security unauthorized persons “, which in itself is a crime 231 KK. Then there are the allegations of paragraph 267 KK – obtaining unauthorized access to personal information from the Social Security database – a separate crime.
Prosecutor’s Office informs that due to the importance of the case investigation took ABW.
I still can not prejudge that law enforcement officers are perpetrators data leakage, if only someone (eg. the hackers) used computers bailiffs to attack the base social security.
Below we publish in full the message the prosecutor’s office:
District Prosecutor’s Office in Warsaw supervises the criminal investigation into the failure of duties and actions damaging public and private interests by bailiffs obliged to secure access to personal data from the register of Social security as a result of which there has been to allow access to the data to unauthorized persons, ie. an offense under Article. 231 § 1 of the Penal Code in zb. Article. 51 paragraph. 1 of the Act on the protection of personal data and on obtaining unauthorized access to personal data contained in the register of social security, ie. An offense under Article. 267 § 1 of the Penal Code.
The investigation was initiated by the notification of the Ministry of Digitalisation, which revealed that the Set of bailiffs taking from tens to hundreds of thousands of records from the database monthly Social Security. The analysis calls the system Social Security – including their duration, frequency of requests, implementation at night and the scheme of work stations – pointed to the use of malicious software or scripts used to automatically generate queries.
In connection with the notice on suspicion of committing a crime obtained detailed data on the frequency and scope retrieved from the register of Social Security data. The results of the analysis of justified suspicion of unauthorized collection and use of personal data, for example, one of the bailiffs downloaded from March 2015. Data 802,759 people and made 1,792,951 queries. In order to determine the relevant circumstances it was decided to carry out procedural actions in five offices including debt collectors Warsaw and Lodz, protecting data carriers and equipment.
In view of the seriousness of the case investigation entrusted to the Internal Security Agency.