Hooligan data after a hacker attack on the dark web: The federal government is now threatened with a wave of lawsuits

class=”sc-29f61514-0 fQbOYE”>

Disastrous data debacle: The cyber attack on the IT company Xplain makes it clear that the federal government has a serious security problem.

The data that hackers stole from the Bern software developer does not only contain security-related information. It also contains sensitive personal data.

Affected are 766 people who were on the so-called Hoogan register of the federal government in September 2015. You were violent at a football game or other sporting event years ago and that’s why you ended up in this hooligan database. This allows the police to check who has been banned from the stadium or district.

Data subjects must now assume that their data is publicly circulating on the dark web – and visible to anyone who searches for it. Fedpol says the leak contains no information about crimes and actions against the individuals involved.

Was no data ever erased?

Only: why was the data from 2015 never deleted? Actually, the entries should be removed from the database after three years – unless a person has repeatedly shown themselves violent. This is stated in the guidelines of the Ministry of Justice.

When asked by Blick, Fedpol said, “The Hoogan database, like its associated data store, runs on a secure federal infrastructure.” The affected file, now circulating on the Darknet, is an extract from this database created in 2015. “According to initial findings, this file reached Xplain in 2015 – presumably for application testing purposes.”

Particularly explosive: Fedpol seems to be in the dark about how the fragment with the sensitive data ended up at Xplain in the first place. It says investigations are currently underway into the circumstances under which operational data could get onto Xplain’s system or still be there after testing and could be attacked. It has filed criminal charges against unknown persons.

Leck raises many legal questions

The hooligan leak raises many legal questions, says lawyer Martin Steiger, an expert on law in the digital space. In the foreground is the violation of professional secrecy. “The crucial question is, how can such sensitive data be sent to a software development company? It is often a sign of convenience not to create dummy data for testing purposes in such cases.”

It is obvious that those involved would now request information from Fedpol and the company Xplain. For example: What data is actually available and why? In that case, it is also important to clarify exactly what those affected are asking from whom.

Legal procedure is difficult

“You can sue Xplain for personal injury and claim damages. They could also demand satisfaction,” says the lawyer. There is also the issue of state accountability.

Affected persons can also bring criminal proceedings against Fedpol and Xplain for breach of professional secrecy. “There are many legal options. The problem with this: for normal citizens, the legal process is always very complex,” says Steiger.

The Federal Data Protection and Information Commissioner (FDPIC) is not commenting on the matter due to ongoing investigations. However, it confirms that those affected have the option of bringing civil, administrative and criminal claims.

Source:Blick