InfoSecBulletin Cybersecurity for mankind
They were supposed to be under lock and key, in a secure storage room deep inside Europol’s headquarters in The Hague.
But a clutch of highly sensitive files containing the personal information of top law enforcement executives went missing last summer. Europe’s law enforcement agency has been mired in a whodunit ever since.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
According to an internal agency note seen by POLITICO, and conversations with current and former staff, the hardcopy personnel files of Europol Executive Director Catherine De Bolle and other senior officials leaked sometime before September.
“On Sep. 6, 2023, the Europol Directorate was informed that personal paper files of several Europol staff members had disappeared,” read the note. When officials checked all the agency’s records, it discovered “additional missing files,” it added.
The incident has been the talk of the agency based in The Hague, with staff exchanging notes over how the files went missing — and, above all, trying to figure out how Europe’s central law enforcement authority got itself into such a mess.
“Given Europol’s role as law enforcement authority, the disappearance of personal files of staff members constitutes a serious security and personal data breach incident,” the note, shared on its internal message board system and dated Sep. 18, said.
Europol is one of the European Union’s largest agencies. It coordinates major international investigations and operations with national police authorities and partners like Interpol and the United States’ FBI.
POLITICO spoke to four current and former officials of Europol with knowledge of the incident. Some of the lost files reappeared when a citizen found them abandoned in a public place in The Hague and brought them to a local police station, the four officials said.
It wasn’t immediately clear how long they’d been missing nor why they’d been taken from inside the institution, they said.
In response to POLITICO’s questions, The Hague’s police force spokesperson Steven van Santen said: “The Hague Police was involved in some details connected to an ongoing internal Europol investigation.”
The personnel files were those of Europol’s Executive Director De Bolle and three of her deputy directors, Jürgen Ebner, Andrei Lințǎ and Jean-Philippe Lecouffe, three of the four officials said.
Human resources files can contain information about the job application of the official, relevant training, birth dates, marriage status, dependents, current address and other regular information stored by HR, one of the officials said.
Following the incident, the head of Human Resources at the agency, Massimiliano Bettin, was placed on administrative leave, the four officials said.
Europol’s internal note said that, “against this background, the head of the HR unit [Bettin] will not be available until further notice” and “the head of the administration department will ensure business continuity for the management of the HR unit.”
An email sent by POLITICO to Bettin’s Europol email address received an automatic response, which reads “thank you for your message, I am not available. I have no access to my mails.” Bettin’s LinkedIn page said he was “actively applying” for a new job.
In a statement to POLITICO, Bettin said he could not comment on the case.
Europol’s sensitive hardcopy HR files are kept locked away in a safe, in a room that is limited to restricted personnel. Very few people know the code to the safe, one of the officials who had direct knowledge of the procedure said. It is unclear how the files were taken.
Bettin, who served as chief marshal in Italy’s police forces, had been the head of HR at Europol since 2016. The agency has a total of more than 1,400 staff.
One theory is that the files could have been taken to damage Bettin, in the context of internal conflicts within the agency, according to officials.
The European Data Protection Supervisor (EDPS) was also notified of the incident, as were the staff members whose files were affected, the internal note said. In a statement to POLITICO, the EDPS said it could not comment “at this stage on ongoing cases.”
Europol’s press office declined to comment on POLITICO’s questions, saying it was “not in a position to comment” on internal matters.
Source: Politico
