THE PERSONAL data of three million clients of mobile phone operators Orange and EuroTel, including the phone numbers of politicians, judges, and businessmen, have been illegally leaked over the internet. News of the release, which the daily SME obtained from the local hacker community, has caused a stir in business and political circles.
The lists date back to 2002, when the mobile operators were obliged to provide the databases to third parties - the Slovak Intelligence Service (SIS) and the Interior Ministry.
SIS spokesman Vladimír Šimko said that the intelligence service had been aware of the leak and was investigating the case.
"The SIS has obtained a CD from the criminal environment with the data of mobile phone network operators," he said.
Interior Ministry spokesman Boris Ažaltovič confirmed that the ministry was also investigating the leak, which even made public the private number of SIS director Ladislav Pittner.
The spy boss has ruled out the possibility that the leak could have come from SIS databases. However, he confirmed that it dated back to 2002.
Orange and EuroTel insist that they did not leak the phone numbers and data of over three million of their clients.
"Based on the information and knowledge we have obtained so far, we can definitely rule out the possibility that the database was leaked by our company. Currently we are scrutinising the situation and if we find out that a crime was committed, we will file a criminal complaint," Juraj Droba, corporate affairs director at EuroTel, told The Slovak Spectator.
Accoridng to Droba, the protection of clients' personal data is an absolute priority for EuroTel.
"Our security systems are regularly checked and we are systematically taking steps that far exceed those required by the valid legislation," Droba added.
The Slovak Office of Personal Data Protection will wrap up its investigation of the security of the system used to process personal data of mobile operator clients in April, Gyula Veszelei, deputy chairman of the office, told the news wire SITA.
Data safety experts say that the information could have been abused on the black market.
Orange said that the hacked databases include incomplete data from April and May 2002.
"The structure of the data matches databases that, at the given time [2002], Orange provided to third parties in line with the valid legislation. Not only the structure but also the form of some of the data differs from the way the company administers its own databases in its information systems," reads Orange's official position as provided to The Slovak Spectator.
The hackers who provided the daily SME with the lists claimed that they did not steal or disseminate them; they only wanted to raise awareness that the firms did not properly protect the data of their clients.
Lawyers say that citizens do not have many avenues to seek reimbursements from phone operators in association with their leaked personal data.
Nor can the Office of Personal Data Protection compensate damaged clients. It is only authorised to order the deletion of the data or fine the operators up to Sk10 million (€246,000).
Peter Uhrík, chairman of the board of directors of Volkswagen Slovakia, whose number was also disclosed, told the daily SME that the leak was a very unpleasant surprise and that some measures had to be taken immediately.
Bratislava judge Juraj Mihál said, "it is unfair; they have poor security for the data. Organisations can process data but it must be protected. If they leak there is no one to penalise them," SME wrote.
Confidential phone numbers, addresses, and ID numbers were leaked from Orange in September 2003 as well.
For a period of time, the database was made freely accessible over the internet. A businessman warned media about the leak and submitted a CD with the data of almost 900,000 clients.
The company has already filed a criminal complaint against an unknown offender for illegally accessing Orange data.
Last June, the fixed phone line operator Slovak Telecom also encountered confidentiality problems.
However, Slovak Telecom has denied being attacked by hackers who claimed to have broken into the company's network and gained unauthorised access to data transferred via the internet by its clients, including major banks, insurance companies, and government institutions.
According to press reports, hackers could have entered the email networks of companies like insurance provider Allianz, VÚB Bank, TV Markíza, and Matsushita (Panasonic), as well as state institutions like the Deposit Protection Fund (FOV) and the Interior Ministry.
