According to a Dutch television program, useful information on international terrorism investigations made by Europol was leaked. The data was accidently left online by Europol without any password security. Europol is the European Union’s law enforcement agency.
The program also said that the data was leaked through former Europol employee who took that dossiers to her place which is against the policy of Europol, and disclosed sensitive investigations data to the internet without realizing that it can be accessed by anyone.
The data which was leaked had nearly 700 pages of confidential dossiers including several police investigations, containing names as well as telephone numbers of suspects associated with terrorism. The data was found online via Shodan search engine where it can be directly accessed without any password. It was also found that most of the investigations dated from 2006 to 2008 which includes Netherlands Islamist terror network called the Hofstad Network, the Madrid train bombings and various foiled attacks on flights. Most of these investigations had never been revealed in public.
According to Europol, the police officer had copied all the private data to her hard drive in “clear contravention” of Europol’s rules, but had already left the agency after working for more than a decade and now works for the Dutch police. The hard drive which is in question was one of Iomega models of Lenovo Company and did not have any password protection feature. This Chinese company stated that owner is responsible for making the device secure. Company’s later models have password protection feature which needs to be set before using them.
This apparent mistake of sensitive data leak can have serious consequences as police organizations never disclose their findings in order to prevent these terrorists in understanding the way police operates to infiltrate them. At the time, when better international co-operation and data exchange is required, this data leak might jeopardize the trust between states. The disclosure coincides with a declaration that in January 2017, current director of Europol is taking part in a seminar dedicated to data protection and online privacy in London.
Summary: Information on various international investigations into terrorism groups compiled by Europol was accidentally left online, unguarded by any password.