Cyber-attack on public computers results in significant data breach

CPR numbers stolen by hackers as public computers breached

Library computers among those affected by advanced attack (photo: Mourad Ben Abdallah)
September 8th, 2020 3:06 pm| by Luke Roberts
Facebooktwitterpinterestmail

Kommunernes Landsforening (KL) announced this afternoon that public computers across the country have been the target of a successful IT attack.

It is currently too early for police to report how much data the hackers have been able to get hold of, but it is believed they were primarily targeting social security numbers (CPRs).

Change passwords now
KL recommends that anyone who has used a public computer to change the passwords of any accounts used in that time in order to protect themselves from being further impacted.

CPR numbers are used for mobile banking in conjunction with the NemID service. The police say they are in discussions with Nets, the company behind NemID, to ensure that compromised accounts are blocked.

If citizens suspect their information is being used in the case of economic crime, they must immediately inform the police. By Danish law, citizens are not liable as victims of financial crime in cases in which their data inadvertently makes its way into criminal hands.

Public computers
Libraries and citizen service centres offer public access to computers to provide services and advise that would otherwise be unavailable. Most often, these services are used by older citizens without private access to a computer, and therefore continued availability remains important.

In this case, KL head Christian Harsløf described it as an “organised attack” and emphasised that “we can never guarantee that attacks like this will not happen again. If we close a hole, the criminals will just find a new one.”

The local government association works closely with the Danish Digitisation Agency and the Cyber ​​Crime Centre to ensure up-to-date advice on staying secure when using public computers.

This attack comes less than two weeks after Aalborg University’s students and employees had their data targeted by hackers.