According to a newspaper report, hackers stole tens of thousands of confidential debtor data from a collection company. This was more than 33,000 files of collection company Eos, reports Süddeutsche Zeitung. Hackers would have used an IT security hole to get data. Tens of thousands of people were affected, mostly living in Switzerland. An informant had already overplayed newspaper’s data in April. The data ranged partially back to 2002.
if ( typeof AdController !== ‘undefined’ !window.Zeit.isMobileView()) { if ( !document.getElementById( ‘iqadtile8’ ) ) { var elem = document.createElement( ‘div’ ); elem.id = ‘iqadtile8’; elem.className = “ad ad-desktop ad-desktop–8 ad-desktop–8-on-article”; elem.setAttribute(‘data-banner-type’, ‘desktop’); elem.setAttribute(‘data-banner-label’, ‘Anzeige’); document.getElementById(‘ad-desktop-8’).parentNode.appendChild(elem); AdController.render(‘iqadtile8’); if ( window.console typeof window.console.info === ‘function’ ) { window.console.info(‘AdController ‘ AdController.VERSION ‘ tile 8 desktop’) } } } if ( typeof AdController !== ‘undefined’ window.Zeit.isMobileView()) { if ( !document.getElementById( ‘iqadtile3’ ) ) { var elem = document.createElement( ‘div’ ); elem.id = ‘iqadtile3’; elem.className = “ad ad-mobile ad-mobile–3 ad-mobile–3-on-article”; elem.setAttribute(‘data-banner-type’, ‘mobile’); document.getElementById(‘ad-mobile-3’).parentNode.appendChild(elem); AdController.render(‘iqadtile3’); if ( window.console typeof window.console.info === ‘function’ ) { window.console.info(‘AdController ‘ AdController.VERSION ‘ tile 3 mobile’) } } }
In three gigabyte data sets, comprehensive information on individual debtors is refore gared. The documents contained names of debtors, creditors, ir mail addresses and amount of claims, newspaper reported. A folder contains particularly sensitive data with medical records, passports, credit card statements, correspondence and private telephone numbers. This data allowed detailed conclusions on life of debtor and finally caused informants to leak documents to newspaper.
According to whistleblower, hackers would have used a vulnerability in company’s it to access servers. The vulnerability was found on a basic framework of site, Apache struts. It was same vulnerability that hackers used last September to steal data from Equifax of 143 million US Americans.
EOS: Vulnerability closed in meantime
According to report, Eos ordered a “comprehensive review of processes” after request of Süddeutsche Zeitung. EOS now wants to clarify why sensitive data from debtors was collected and stored at all, said a company spokesperson for newspaper. The storage of such extensive data on debtors is inadmissible, writes newspaper, citing data protection officer of Switzerland, Adrian Lane.
if ( typeof AdController !== ‘undefined’ !window.Zeit.isMobileView()) { if ( !document.getElementById( ‘iqadtile4’ ) ) { var elem = document.createElement( ‘div’ ); elem.id = ‘iqadtile4’; elem.className = “ad ad-desktop ad-desktop–4 ad-desktop–4-on-article”; elem.setAttribute(‘data-banner-type’, ‘desktop’); elem.setAttribute(‘data-banner-label’, ‘Anzeige’); document.getElementById(‘ad-desktop-4’).parentNode.appendChild(elem); AdController.render(‘iqadtile4’); if ( window.console typeof window.console.info === ‘function’ ) { window.console.info(‘AdController ‘ AdController.VERSION ‘ tile 4 desktop’) } } } if ( typeof AdController !== ‘undefined’ window.Zeit.isMobileView()) { if ( !document.getElementById( ‘iqadtile4’ ) ) { var elem = document.createElement( ‘div’ ); elem.id = ‘iqadtile4’; elem.className = “ad ad-mobile ad-mobile–4 ad-mobile–4-on-article”; elem.setAttribute(‘data-banner-type’, ‘mobile’); document.getElementById(‘ad-mobile-4’).parentNode.appendChild(elem); AdController.render(‘iqadtile4’); if ( window.console typeof window.console.info === ‘function’ ) { window.console.info(‘AdController ‘ AdController.VERSION ‘ tile 4 mobile’) } } }
According to spokeswoman in April, Eos remarked attempts to send “unusually many packages” to external computers. However, “despite intensive analyses, company has still not been able to determine” that we are to be victims of a successful hacker attack. ” The company refore continues to assume suspicion.
However, after irregularities in spring, servers were completely rebuilt and security gap was closed. A new analysis of systems is now to show, according to information from Süddeutsche Zeitung, wher hackers from outside access servers or wher someone with access to data – for example an employee – has published information. According to newspaper, EOS group is one of largest financial service providers in Europe.
