Dutch suspect locked up for alleged personal data megathefts – Naked Security
The Public Prosecution Service in the Netherlands [Dutch: Openbaar Ministerie] has just released information about an unnamed suspect arrested back in December 2022 for allegedly stealing and selling personal data about tens of millions of people.
The victims are said to live in countries as far apart as Austria, China, Columbia, the Netherlands itself, Thailand and the UK.
Apparently, the courts have taken a strict approach to this case, effectively keeping the arrest secret from late 2022 until now, and not allowing the suspect out on bail.
According to the Ministry’s report, a court order about custody was made in early December 2022, when the authorities were given permission to keep the suspect locked up for a further 90 days, meaning that they can hold him until at least March 2023 as work on his case continues.
The suspect is being investigated for multiple offences: possessing or publishing “non-public” data, possessing phishing software and hacking tools, computer hacking, and money laundering.
The prosecutors claim that he laundered close to half-a-million Euros’ worth of cryptocurrency during 2022, so we’re assuming that the court considered him a flight risk, decided that if released he might be able to destroy evidence and, presumably, thought that he might try to warn others in the cybercrime forums where he’d been active to start covering their tracks, too.
Governmental breach?
Intriguingly, the investigation was triggered by the appearance on a cybercrime forum of a multi-million record stash of personal data relating to Austrian residents.
Those data records, it seems, turned out to have a common source: the company responsible for collecting radio and TV licence fees in Austria.
Austrian cops apparently went undercover to buy up a copy of the stolen data for themselves, and in the process of doing so (their investigative methods, unsurprisingly, weren’t revealed) identified an IP number that was somehow connected to the username they’d dealt with on the dark web.
That IP number led to Amsterdam in the Netherlands, where the Dutch police took the investigation further.
As the Dutch Ministry writes:
The team has strong indications that…