Hacker posts confidential information about six million Chileans online

May 12, 2008 Sophos Press Release

Personal data
Personal information about six million Chilean people was posted online by a hacker.

IT security and control firm Sophos is reminding organizations around the world about the importance of data security following news that a hacker in Chile has posted personal details about six million Chileans online.

According to reports in the Chilean media, the hacker, known as 'Anonymous Coward' hacked into government and military servers and stole data including ID card numbers, addresses, telephone numbers, emails and academic records. He then posted the information on a Chilean technology blog before the owners of the site contacted authorities and removed the links. The Chilean newspaper El Mercurio reported that the hacker had committed the offence in order 'to demonstrate how poorly protected data in Chile is'.

"Chile may seem far away to many computer users, but the scale of this data breach should not be ignored," said Graham Cluley, senior technology consultant for Sophos. "No matter how moral or ethical the hacker's motives, this prank was irresponsible and has left almost 40 percent of Chile's population at risk of identity theft. Organizations around the world need to take this issue seriously and defend against these risks. The consequences of falling victim to such an attack can be much more far reaching than a simple fine, including irreversible damage to your reputation and customer confidence."

Sophos experts note that while the scale of the Chilean breach was much smaller than the HMRC debacle last year (details of 25 million UK families were lost in this instance), the fact that the information was posted online, however briefly, increases the risks of identity fraud.

"The good news is that it appears in this latest incident bank account information was not compromised. However, details of names, addresses, telephone numbers, social and educational information was taken - and these may provide valuable stepping stones for hackers who wish to steal identities," explained Cluley. "Although the data has been removed from the two websites that the hacker originally used for publication, there is no guarantee that he or others may not post it elsewhere on the net and make the situation worse."

Sophos recommends that all businesses ensure that their computers are properly defended against the threat of hackers and malware, and are using a consolidated solution which can control network access and ensure security patches are in place.