Police in France have arrested and charged a 22-year-old man with hacking into a “secure” file-sharing system used by a Parisian hospital association and stealing the COVID-19 test details from about 1.4 million people.
According to local media reports, the alleged hacker not only stole very sensitive information from the Assistance Publique-Hôpitaux de Paris (AP-HP), but also distributed the data as part of an anti-vaccine protest.
The French government requires individuals to carry a “vaccine passport” (known as a sanitary pass) if they want to enter cafes, bars, restaurants, museums, cinemas and access events.
While many French people are happy to carry the passport (because they are not crazy), others have protested that being vaccinated against a potentially deadly virus that can infect others is a violation of their civil liberties.
Last month, AP-HP announced that it had suffered a data breach in which patients’ full names, dates of birth, gender, social security numbers, home addresses, email addresses, phone numbers and mid-2020 test results were distributed via the Mega file-sharing site .
The hack is said to have involved a “secure file sharing service” used by AP-HP in September 2020 to transfer information to other agencies to help with contact tracking. Things were clearly not quite as safe as one might have hoped.
Authorities believe the arrested man uploaded the stolen data to Mega. Although the stolen information was subsequently removed from the file-sharing site, it was too late to prevent others from distributing their own copies of the data.
Did you find this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.