Man charged with hack which shared COVID-19 test details in protest against vaccine pass

Man charged with hack which shared COVID-19 test details in protest against vaccine pass

Man charged with hack which shared COVID-19 test details in protest against vaccine pass

Police in France have arrested and charged a 22-year-old man with hacking into a “secure” file-sharing systems used by a Parisian hospital trust, and stealing the COVID-19 test details for some 1.4 million people.

According to local media reports, the alleged hacker not only stole highly sensitive information from Assistance Publique – Hôpitaux de Paris (AP-HP), but also distributed the data as part of an anti-vaccine protest.

The French government requires individuals to carry a “vaccine pass” (known as a passe sanitaire)if they wish to enter cafés, bars, restaurants, museums, cinemas, and access events.

EmailSign up to our newsletter
Security news, advice, and tips.

Although many French people are happy to carry the pass (because they’re not crazy), others have protested that being vaccinated against a potentially deadly virus that can infect others is an infringement of their civil liberties.

Last month, AP-HP announced that it had suffered a data breach, which saw patients’ full names, dates of birth, gender, social security numbers, home addresses, email addresses, telephone numbers, and test results from mid-2020, distributed via the file-sharing site Mega.

Ap hp

The hack is said to have involved a “secure file-sharing service” used by AP-HP in September 2020 to transmit information to other agencies to assist in contact tracing. Clearly things weren’t quite as secure as one might have hoped.

Authorities believe that the arrested man uploaded the stolen data to Mega. Although the stolen information was subsequently removed from the file-sharing site, it was too late to prevent others from distributing their own copies of the data.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published.