Hackers have got into the identity register

[Erica Absetz <erica () riskbasedsecurity com>]

http://politiken.dk/newsinenglish/ECE1990054/hackers-have-got-into-the-identity-register/

The police driving licence register, including the personal identity
(CPR) number register were hacked in the summer of 2012 and may have
been changed, with hackers also having retrieved information about CPR
numbers and people posted as wanted in the Schengen area, according to
the Danish national police.

The police say that data hackers may also have had access to registers
from the Tax Authority and the Modernisation Agency, in a previously
undiscovered attack that seems to have gone on from April to August
2012.

The Security and Intelligence Agency and specialists from the Defence
Intelligence Cyber Security Unit are currently investigating the
break-in. A Swedish national currently in prison in Sweden is
suspected of being involved, with Denmark applying for his
extradition. A Danish man is also believed to have been involved in
the attack.

“This has been a serious breach of the IT security that there must be
in connection with police registers,” says National Police
Commissioner Jens Henrik Højberg in a news release.

The Security and Intelligence Agency has been tasked with making sure
that the necessary security procedures are in place in order to make
sure that similar attacks cannot take place in the future.

The break-in is said to have taken place in central computers at the
CSC company.

Justice Minister Morten Bødskov says all available resources are being
used to investigate the hacker attack.

“I can fully understand people who are worried about a security
failure involving police registers, and I can fully understand those
who want an answer as to whether the failure has any influence on
their affairs,” Bødskov says.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.