Police in France have arrested and charged a 22-year-old man with hacking into a “secure” file-sharing systems used by a Parisian hospital trust, and stealing the COVID-19 test details for some 1.4 million people.
According to local media reports, the alleged hacker not only stole highly sensitive information from Assistance Publique – Hôpitaux de Paris (AP-HP), but also distributed the data as part of an anti-vaccine protest.
The French government requires individuals to carry a “vaccine pass” (known as a passe sanitaire)if they wish to enter cafés, bars, restaurants, museums, cinemas, and access events.
Sign up to our newsletterAlthough many French people are happy to carry the pass (because they’re not crazy), others have protested that being vaccinated against a potentially deadly virus that can infect others is an infringement of their civil liberties.
Last month, AP-HP announced that it had suffered a data breach, which saw patients’ full names, dates of birth, gender, social security numbers, home addresses, email addresses, telephone numbers, and test results from mid-2020, distributed via the file-sharing site Mega.
The hack is said to have involved a “secure file-sharing service” used by AP-HP in September 2020 to transmit information to other agencies to assist in contact tracing. Clearly things weren’t quite as secure as one might have hoped.
Authorities believe that the arrested man uploaded the stolen data to Mega. Although the stolen information was subsequently removed from the file-sharing site, it was too late to prevent others from distributing their own copies of the data.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.
