A man suspected of stealing personal data belonging to tens of millions of people worldwide and selling that info on cybercrime forums has been arrested by Dutch police.
The 25-year-old now faces charges of violating data privacy and computer trespassing laws, and laundering cryptocurrency valued at around $491,000, according to media reports.
The alleged crook pulled together information including names, genders, addresses, and birth dates belonging to pretty much everyone in Austria, it is claimed. He also obtained records on some people in Britain, China, Colombia, Thailand, and the Netherlands, it is alleged, and then sold these massive datasets to other criminals online, we’re told. The cops believe this data was “stolen” from all over the globe.
While it doesn’t appear that the 25-year-old suspect trafficked in any financial information or bank account details, the personal information he allegedly did sell on shady online marketplaces could be used for identity theft and online scams as well as physical harm, such as swatting or stalking, it is argued.
Although the arrest happened in November in Amsterdam, and at least some of the data was said to have been sold as far back as May 2020, the detention wasn’t made public until this week due to ongoing international investigations.
Austrian police said they had verified the data set, and confirmed the stolen personal information belonged to “presumably every citizen” in the nation of roughly 9.1 million people, according to Reuters.
As far as the cops are concerned, this info can now be used by fraudsters and other crooks, having been peddled via underworld souks. “Since this data was freely available on the internet, it must absolutely be assumed that this data is, in full or in part, irrevocably in the hands of criminals,” the police said.
The Austrian plod led the initial probed, and discovered the data belonging to nearly 9 million people for sale on a cybercrime forum, according to Agence France Presse. The cops bought the dataset in an undercover operation before tracing the suspect’s IP address to an apartment in Amsterdam. Then Dutch police made the arrest.
“The man is suspected of trading the personal details of tens of millions of people, stolen from all over the world,” Dutch prosecutors said in a statement provided to AFP.
He is facing charges related to making available non-public data, possessing phishing software and other cyber-crime tools, computer trespassing, and money laundering.
Considering the amount of private information he allegedly stole and sold, the ill-gotten gains don’t seem worth the trouble, not to mention the years of imprisonment he has to look forward to, if convicted. The laundered cryptocurrency’s value was about 450,000 euros, we’re told.
The news of the Dutch crook follows an admission by T-Mobile US that someone abused an API to steal personal information belonging to 37 million subscribers.
A regulatory filing late last week disclosed one or more miscreants were able to access potentially the “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features” of each affected customer. ®