Image: VOLKER Weihbold
The lawyers Florian Scheiber (Vaduz) and Robert Haupt (Vienna) announced in a broadcast on Wednesday that they would start collective proceedings directed against the hacker arrested in the Netherlands on the one hand, and claims for damages against GIS and the company in Vienna on the other IT company. The GIS announced a statement. The Federal Criminal Police Office (BK) in Vienna announced last week that a Dutch hacker had been arrested on suspicion of stealing almost nine million Austrian registration data in 2020 and offering them for sale on the Internet. The theft was apparently made possible by a breakdown at the Viennese IT company, which GIS had commissioned to restructure its database. An employee of the company had used the real registration data from the GIS for a test, which was therefore available on the Internet without access protection.
According to the two lawyers, it is unclear whether the hacker had sold the data again before investigators from the BK acquired it covertly. This is how the criminalists got on the trail of the perpetrator, which ultimately led to his arrest. “Thus, all Austrian citizens and companies could be affected by the data incident,” wrote the lawyers.
There was criticism of the information policy: “According to the provisions of the EU General Data Protection Regulation (GDPR), the persons concerned must be informed immediately in the event of a data protection violation. This is why the Austrian population was only informed of the extent of the data leak with the extensive media coverage of January 25th, 2023 , is currently still unclear. This is all the more surprising because, according to the investigators, the relevance of registration data in the wrong hands should not be underestimated,” emphasized the lawyers. GIS commented on the case in May 2020. At that time, however, the extent of the data theft was hardly known.
Haupt and Scheiber warned that the registration data could be used for fraud, including identity theft. “Those affected can join the criminal proceedings against the hacker and demand any compensation. In addition, those affected can possibly claim compensation from GIS and the still unknown IT company,” said Scheiber and Haupt, explaining the purpose of the collective proceedings. Damage caused by any fraud with the help of the reporting data would have to be borne by those affected, “unless you have already successfully asserted your claims against those responsible for the data leak,” emphasized Scheiber and Haupt.
According to “Kurier” (Wednesday edition), Haupt has also filed a criminal complaint against unknown persons on behalf of a client, owner of a carpentry shop. It is about the suspicion of illegal access to a computer system. What is meant by the display, however, are those responsible for the IT company commissioned by the GIS. “My client wants clarification, demands compensation and joins the process as a victim,” Haupt was quoted as saying.
Source: Nachrichten
