SHARE
COPY LINK

CRIME

Austria wary of cyber attacks after personal data of foreign residents leaked online

A massive breach of IT security in the immigration and citizenship services of local authorities in the state of Carinthia has put all states on high alert.

Austria wary of cyber attacks after personal data of foreign residents leaked online
Austria is investigating a claim that spyware targeted law firms and banks (Photo by freestocks on Unsplash)

For more than two weeks, authorities in Austria have been trying to deal with a massive security breach of government systems in the state of Carinthia.

The primary victims seem to be foreigners, as the data leaked from departments that deal with immigration and citizenship issues.

A relatively simple phishing attack, when a hacker creates a fake email or webpage to give the appearance of official communication and asks the victim to click on a link, was how the IT systems in the state were first breached.

The malware entered the system, encrypted data, and now the responsible group, known as Black Cat, has been demanding a ransom to give access to precious information back to authorities.

READ ALSO: Stephansdom: Vienna woken up after hacker sets church bells to ring at 2am

Additionally, several consecutive attacks have blocked services and taken official websites off the air – though most of these have been restored.

The main issue now is that the hackers threaten Austrian authorities by leaking data from thousands of residents online. Some private information has already been revealed.

What kind of data do they have?

It has been difficult to ascertain how widespread the attack is, as the local government hasn’t been fully transparent. At first, they denied an attack, then they said the data breach concerned “only” public servants.

However, media reports have shown that entire files had actually been published online, including ID cards, passports, and corona test results from residents in Carinthia, a state in the south of Austria home to more than 560,000 people.

The groups that seem to be most affected are some 80,000 foreigners who have been granted a residence permit in the state since 1999, spokesperson of the state Gerd Kurath told a press conference.

“Data was read, but whether it was also stolen is still unclear”, he said.

READ ALSO: Six official websites to know if you’re planning to work in Austria

The hacker group also gained access to event management services, possibly retrieving data, including contact details and payment information from over 4,000 people and companies.

Finally, they also have government correspondence, including from the office of the governor Peter Kaiser (SPÖ).

What will they do with the information?

Ransomware works much like a hostage situation, except instead of people, criminals hold information. The group has blocked access to the information and is demanding $ 5 million as a ransom payment, which the government says they won’t pay.

They threaten to leak the data if the payment is not made. Still, it is unclear how much of the blocked information they can retrieve from government sites and leak.

If they do sell or publish data, people could have their identities stolen. The government says that if citizens become victims of identity theft, they will be informed about it.

What can I do now?

The state of Carinthia has set up an information hotline available every day from 8 am to 12:30 pm. People can call the line at 050 536 53003. However, no personal information, such as whether or not your own data has leaked, will be given at this moment.

At the moment, there is not much else people can do, data protection specialist Thomas Lohninger told Der Standard.

READ ALSO: Austria’s Foreign Ministry hit by ‘serious cyber attack’

Austria is not well prepared in terms of IT security, he says. The country needs to invest more in preventing attacks, according to the specialist. “This includes a secure architecture and training employees”.

Most cyberattacks, including this one, start with human error – clicking on a wrong link – and proper training is essential to prevent them.

Private citizens should also refrain from sharing personal information online as much as possible – of course, that is impossible when sharing information with public authorities.

“It does not help that there is no risk of a penalty for the loss of personal data for the public sector”, Lohninger adds.

Member comments

Log in here to leave a comment.
Become a Member to leave a comment.
For members

CRIME

When are police officers in Austria allowed to use their weapons?

Recent police operations have ended up in the shooting - and death- of suspects. What are the rules and guidelines Austrian police officers have to follow?

When are police officers in Austria allowed to use their weapons?

Austrian police officers, like their counterparts in many countries, are equipped with firearms as part of their law enforcement duties. However, the use of these weapons is strictly regulated by law, with clear guidelines and limitations in place to ensure public safety and accountability. 

Recent incidents have brought renewed attention to these regulations, sparking debate and discussion about when and how police officers are authorised to use force, including the use of firearms. Despite the recent events – with two deaths after suspects were shot by the police within two weeks, the number of such incidents in Austria is not high.

READ ALSO: What rules does Austria have on gun ownership?

In 2022, weapons were used 654 times by officers in 213 different incidents. In many incidents different police used their firearms and often more than once.

In those incidents some 137 people were left slightly injured, four were seriously injured, and no one was killed, according to a Der Standard report.

Provisional figures for 2023 show 328 uses of weapons in 202 different incidents. Sixty-five people were slightly injured, three were seriously injured, and two people were shot dead.

Looking back over a longer period of time, in the past 16 years, 18 people have died as a result of police use of firearms.

What are the rules?

The use of service weapons in Austria is regulated by the Weapons Use Act (Waffengebrauchsgesetz) of 1969, which states that law enforcement agencies such as police officers and municipal police officers may use weapons in cases of “just self-defence”, the report said.

For example, to overcome resistance to an official act, to make an arrest or to prevent the escape of an arrested person. Even then, the use of weapons is only permitted by law “if harmless or less dangerous measures”, including the threat of using weapons, pursuing a fleeing person, the use of physical force or milder means such as handcuffs, “appear unsuitable or have proven to be ineffective.” 

READ ALSO: Is Vienna a safe city to visit?

Only the least dangerous weapon may be used if various weapons are available – service weapons also include tear gas or batons. The purpose of using weapons against people may only be to “render the target incapable of attacking, resisting or fleeing”.

According to the Weapons Use Act, a service weapon is permitted in defence of a person to suppress a riot or insurrection, as well as in some instances of arrest or to prevent an escape. And to arrest or prevent the escape of “an insane person who is generally dangerous to the safety of the person or property”.

In any case, whenever the police fire their weapons, the incidents are the subject of internal investigations by the Investigation and Complaints Office for Allegations of Abuse at the Federal Bureau of Anti-Corruption (BAK-EBM). The authority will decide whether the case was an instance of self-defence and whether the use of a pistol was justified.

SHOW COMMENTS