Interior Minister Andreas Christou launched an urgent investigation into claims the state’s main population archive had been broken into by insiders and the personal details of citizens sold on, while other confidential data had been passed on to the political parties for further use.
Ministry databases include details about passports, IDs, and personal information, which could be a goldmine for identity fraudsters.
The in-house investigation was called for after Phileleftheros ran a front-page story saying that computer experts had hacked into the state archives where personal information – from ID numbers to home addresses and passport details – were stored.
It is claimed that hackers then sold on the personal details to interested parties. Christou however, described the claims as a “serious issue” but said it was possible that the personal data was being leaked by people working on the inside rather than hackers since the main units that contained the information were not connected to the Internet.
“Our system cannot be accessed from the Internet,” Christou added. “However, there are a certain amount of users, since the system is accessed by the police, the district administrations, as well as other departments.
Police spokesman Demetris Demetriou said it was still too soon to draw any conclusions.
The head of the government’s Department of Information Technology Services, Costas Agrotis, told the Cyprus Mail it was likely that the classified data had been accessed from within.
But Commissioner for the Protection of Personal Data Yioula Frangou said that if ID numbers and passport numbers had been stolen, such information could be used for identity fraud.
“The proper procedure to get into bank accounts or access personal information is that you really must produce a copy of the document apart from knowing passport or ID numbers.
“However, saying that, somebody who knows a lot about forgery can get around this. Sometimes there are instances when the use of a number gets access to bank accounts. We have seen instances when banks will just ask you for your ID number and that’s it.”
The law in Cyprus is strict with security breaches of classified data whether it is through hacking or any other method. Penalties could be as heavy as a five-year prison sentence.