One of the latest victims of a hacking attempt appears to be the Italian Government: towards the end of October (the end of European Cybersecurity Month), hackers infiltrated government databases and accessed thousands of confidential records.
The Facts
An investigation in Italy revealed that hackers illegally accessed security databases belonging to the Italian Government, obtaining a significant quantity of confidential data. To make matters worse, the confidential data was not only accessed but also sold to clients or used to blackmail businessmen and politicians. In fact, reports have emerged that members of the hacker network were boasting of their endeavours.
Prosecutors in Milan allege that three databases were accessed: a database of alerts on suspicious financial activities; the national tax agency’s databases covering citizens’ bank transactions, utility bills, income statements and other records; and a police investigations database.
From the nature of these databases, it is clear that there was a significant breach of confidentiality, not to mention the data protection aspects involving highly sensitive information concerning individuals.
Prosecutor Giovanni Melillo described this as “a gigantic and alarming market of confidential data”.
Implications
This case brings to light a number of legal implications. First and foremost, the cybersecurity aspect is perhaps the most obvious. Aside from cybersecurity obligations, which the EU seems to be emphasising through legislative initiatives such as the NIS2 Directive and the DORA Regulation, the offences committed by the hackers also bring criminal law into play.
Cybersecurity breaches generally have data protection implications, as the personal data of citizens is likely to have been accessed (and potentially sold) in this case. In most cases a cybersecurity breach can result in a data breach, which under the GDPR brings with it legal obligations to notify supervisory authorities and data subjects, and can very well expose the data controller to fines.
Moreover, the Italian prosecutors also highlighted the danger to the rule of law within a democratic country. Given that this attack appears to have been directed at government databases holding sensitive and confidential information, including police data, and allegedly involved former law enforcement officials, it does not bode well for the basic principles of judicial order.
Conclusion
One notes an alarming increase in cyber-attacks and hacking incidents in recent months. Even as the European Union promotes and focuses on enacting cybersecurity legislation such as the NIS2 Directive and the recently adopted Cyber Resilience Act, cyber criminals have not held back their efforts to illegally tap into and access confidential databases. If Government databases can fall victim to hacking efforts, so can your business if you do not remain vigilant.
Reach out to us to understand what you can do to protect your business and enhance your cybersecurity capabilities.