Friday , September 6 2024
Europol

CYBERSECURITY AND DATA PROTECTION
Serious security breach hits EU police agency

They were supposed to be under lock and key, in a secure storage room deep inside Europol’s headquarters in The Hague.

But a clutch of highly sensitive files containing the personal information of top law enforcement executives went missing last summer. Europe’s law enforcement agency has been mired in a whodunit ever since.

Cisco released security updates for two critical security flaws

CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
Read More
Cisco released security updates for two critical security flaws

OpenBAS: Cutting-edge breach and attack simulation platform

OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Read More
OpenBAS: Cutting-edge breach and attack simulation platform

Critical Security Flaws Patched in Zyxel Networking Devices

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions....
Read More
Critical Security Flaws Patched in Zyxel Networking Devices

CVE-2024-38811: CEV In VMware Fusion Unveiled

VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by...
Read More
CVE-2024-38811: CEV In VMware Fusion Unveiled

CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
Read More
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

How Malaysia’s Data Centre Industry Poised for Growth

Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million)...
Read More
How Malaysia’s Data Centre Industry Poised for Growth

RansomHub exfiltrated data over 210 victims: US alert

US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data...
Read More
RansomHub exfiltrated data over 210 victims: US alert

Godzilla Fileless Backdoor Exploits Atlassian Confluence flaw

There is a new way to attack Atlassian Confluence using the vulnerability CVE-2023-22527. The Confluence Data Center and Server products...
Read More
Godzilla Fileless Backdoor Exploits Atlassian Confluence flaw

New Cicada ransomware targets VMware ESXi servers

The Cicada3301 ransomware is made in Rust and attacks Windows and Linux/ESXi hosts. Truesec researchers examined a version that targets...
Read More
New Cicada ransomware targets VMware ESXi servers

Monday hits two UK bank apps causes outages

Lloyds Bank and Virgin Money's internet banking services were down on Monday, causing trouble for users to access and view...
Read More
Monday hits two UK bank apps causes outages

According to an internal agency note seen by POLITICO, and conversations with current and former staff, the hardcopy personnel files of Europol Executive Director Catherine De Bolle and other senior officials leaked sometime before September.

“On Sep. 6, 2023, the Europol Directorate was informed that personal paper files of several Europol staff members had disappeared,” read the note. When officials checked all the agency’s records, it discovered “additional missing files,” it added.

The incident has been the talk of the agency based in The Hague, with staff exchanging notes over how the files went missing — and, above all, trying to figure out how Europe’s central law enforcement authority got itself into such a mess.

“Given Europol’s role as law enforcement authority, the disappearance of personal files of staff members constitutes a serious security and personal data breach incident,” the note, shared on its internal message board system and dated Sep. 18, said.

Europol is one of the European Union’s largest agencies. It coordinates major international investigations and operations with national police authorities and partners like Interpol and the United States’ FBI.

POLITICO spoke to four current and former officials of Europol with knowledge of the incident. Some of the lost files reappeared when a citizen found them abandoned in a public place in The Hague and brought them to a local police station, the four officials said.

It wasn’t immediately clear how long they’d been missing nor why they’d been taken from inside the institution, they said.

In response to POLITICO’s questions, The Hague’s police force spokesperson Steven van Santen said: “The Hague Police was involved in some details connected to an ongoing internal Europol investigation.”

The personnel files were those of Europol’s Executive Director De Bolle and three of her deputy directors, Jürgen Ebner, Andrei Lințǎ and Jean-Philippe Lecouffe, three of the four officials said.

Human resources files can contain information about the job application of the official, relevant training, birth dates, marriage status, dependents, current address and other regular information stored by HR, one of the officials said.

Following the incident, the head of Human Resources at the agency, Massimiliano Bettin, was placed on administrative leave, the four officials said.

Europol’s internal note said that, “against this background, the head of the HR unit [Bettin] will not be available until further notice” and “the head of the administration department will ensure business continuity for the management of the HR unit.”

An email sent by POLITICO to Bettin’s Europol email address received an automatic response, which reads “thank you for your message, I am not available. I have no access to my mails.” Bettin’s LinkedIn page said he was “actively applying” for a new job.

In a statement to POLITICO, Bettin said he could not comment on the case.

Europol’s sensitive hardcopy HR files are kept locked away in a safe, in a room that is limited to restricted personnel. Very few people know the code to the safe, one of the officials who had direct knowledge of the procedure said. It is unclear how the files were taken.

Bettin, who served as chief marshal in Italy’s police forces, had been the head of HR at Europol since 2016. The agency has a total of more than 1,400 staff.

One theory is that the files could have been taken to damage Bettin, in the context of internal conflicts within the agency, according to officials.

The European Data Protection Supervisor (EDPS) was also notified of the incident, as were the staff members whose files were affected, the internal note said. In a statement to POLITICO, the EDPS said it could not comment “at this stage on ongoing cases.”

Europol’s press office declined to comment on POLITICO’s questions, saying it was “not in a position to comment” on internal matters.

Source: Politico

Check Also

bee

New Cicada ransomware targets VMware ESXi servers

The Cicada3301 ransomware is made in Rust and attacks Windows and Linux/ESXi hosts. Truesec researchers …

Leave a Reply

Your email address will not be published. Required fields are marked *