Austria wary of cyber attacks after personal data of foreign residents leaked online

A massive breach of IT security in the immigration and citizenship services of local authorities in the state of Carinthia has put all states on high alert.

Austria wary of cyber attacks after personal data of foreign residents leaked online
Austria is investigating a claim that spyware targeted law firms and banks (Photo by freestocks on Unsplash)

For more than two weeks, authorities in Austria have been trying to deal with a massive security breach of government systems in the state of Carinthia.

The primary victims seem to be foreigners, as the data leaked from departments that deal with immigration and citizenship issues.

A relatively simple phishing attack, when a hacker creates a fake email or webpage to give the appearance of official communication and asks the victim to click on a link, was how the IT systems in the state were first breached.

The malware entered the system, encrypted data, and now the responsible group, known as Black Cat, has been demanding a ransom to give access to precious information back to authorities.

READ ALSO: Stephansdom: Vienna woken up after hacker sets church bells to ring at 2am

Additionally, several consecutive attacks have blocked services and taken official websites off the air – though most of these have been restored.

The main issue now is that the hackers threaten Austrian authorities by leaking data from thousands of residents online. Some private information has already been revealed.

What kind of data do they have?

It has been difficult to ascertain how widespread the attack is, as the local government hasn’t been fully transparent. At first, they denied an attack, then they said the data breach concerned “only” public servants.

However, media reports have shown that entire files had actually been published online, including ID cards, passports, and corona test results from residents in Carinthia, a state in the south of Austria home to more than 560,000 people.

The groups that seem to be most affected are some 80,000 foreigners who have been granted a residence permit in the state since 1999, spokesperson of the state Gerd Kurath told a press conference.

“Data was read, but whether it was also stolen is still unclear”, he said.

READ ALSO: Six official websites to know if you’re planning to work in Austria

The hacker group also gained access to event management services, possibly retrieving data, including contact details and payment information from over 4,000 people and companies.

Finally, they also have government correspondence, including from the office of the governor Peter Kaiser (SPÖ).

What will they do with the information?

Ransomware works much like a hostage situation, except instead of people, criminals hold information. The group has blocked access to the information and is demanding $ 5 million as a ransom payment, which the government says they won’t pay.

They threaten to leak the data if the payment is not made. Still, it is unclear how much of the blocked information they can retrieve from government sites and leak.

If they do sell or publish data, people could have their identities stolen. The government says that if citizens become victims of identity theft, they will be informed about it.

What can I do now?

The state of Carinthia has set up an information hotline available every day from 8 am to 12:30 pm. People can call the line at 050 536 53003. However, no personal information, such as whether or not your own data has leaked, will be given at this moment.

At the moment, there is not much else people can do, data protection specialist Thomas Lohninger told Der Standard.

READ ALSO: Austria’s Foreign Ministry hit by ‘serious cyber attack’

Austria is not well prepared in terms of IT security, he says. The country needs to invest more in preventing attacks, according to the specialist. “This includes a secure architecture and training employees”.

Most cyberattacks, including this one, start with human error – clicking on a wrong link – and proper training is essential to prevent them.

Private citizens should also refrain from sharing personal information online as much as possible – of course, that is impossible when sharing information with public authorities.

“It does not help that there is no risk of a penalty for the loss of personal data for the public sector”, Lohninger adds.

Member comments

Log in here to leave a comment.
Become a Member to leave a comment.


EXPLAINED: What happened at the Linz Halloween riots?

On Halloween night, dozens of people, most minors, rioted in the Upper Austrian capital. Two days after the event, Austria is still trying to understand what happened and what to do now.

EXPLAINED: What happened at the Linz Halloween riots?

On the evening of Halloween, dozens of people rioted in Linz. Images on social media appear to show that most of them look young, and the data released by the police confirmed that. 

Among the 129 suspects identified, most (73) are younger than 18, while 26 are considered to be “young adults”, so younger than 21.

What the authorities have not been able to pinpoint, though, is what led to the rioting, which ended with damaged property, injured police officers, and almost 130 people taken into custody.

What exactly happened?

On Halloween evening, October 31st, around 200 took downtown Linz streets on a rampage, damaging storefront windows and attacking unrelated groups of people with stones and even firecrackers. 

READ ALSO: Have your say: Where are the best and worst places to live in Vienna?

As a result, some 170 police officers were called out to the scene to try to drive the rioters away, Austrian media reported. The five-hour operation resulted in nine arrests and two police officers were injured. On Tuesday evening, riots broke out again, but on a much smaller scale and the people left once police arrived.

One thing that draws attention to the episode – other than the unexpected violence – is that many of the people involved were not Austrian citizens. In a country where immigrations is always a contentious issue, this issue was bound to make the headlines.

According to the police, one in three rioters were Austrian citizens. Among the 129 identified suspects, 35 are persons entitled to asylum and five are asylum seekers. In terms of nationality, it is a heterogeneous group, according to broadcaster ORF

Twelve EU citizens, 28 Syrians, and 14 Afghans. Among the Austrians, the police said 34 had a “migration background” – the report didn’t clarify precisely what that meant.

Serbs, Kosovars, North Macedonians, Romanians, Thais and Bosnians were also in the group.

READ ALSO: Tents for asylum seekers stir debate in Austria

However, authorities are still investigating the incident, and there is no final report on the age or nationality of all involved.

What was the role of social media? 

The other point that ensured the riots would stay in the headlines for a while was how they came to happen. 

According to the authorities, the initial evaluation is that the event was unorganised and the rioters had no clear structure. Instead, it was more likely “a loose gathering of young people who had joined forces via social media”, Der Standard reported.

The police are now looking into several videos on TikTok, where young people announced the rioting by saying they wanted to turn Linz “into Athena”. Some videos had more than 19,000 likes and comments discussing how the night would be of “war”.

READ ALSO: IN NUMBERS: Who are the asylum seekers trying to settle in Austria?

The Athena comment references a film available on the streaming platform Netflix. The plot centres on the chaos erupting in a French neighbourhood known as Athena after the brutal killing of a child of Algerian origin. Massive riots and confrontations between the police and the population are shown.

What is going to happen now?

The police are still piecing together everything that happened two days after the riots. On social media, there are calls for further rioting (on New Year’s Eve), and xenophobic and racist comments as well, with many blaming asylum seekers and migrants for the events. 

“There’s a lot of tension in the air,” Erich Wahl of the Youth and Leisure Association (VJF), which is in charge of youth work in Linz, told Der Standard on what could have motivated the riots. 

READ ALSO: What measures against foreigners is Austria’s far-right trying to take?

Wahl mentioned that the Covid-19 crisis, inflation, and even the war in Ukraine could add to “built-up anger”, especially in young kids. Added to that, immigrants are often in a more difficult situation. 

For example, young people with Afghan, Syrian and Iraqi citizenship have a 21.9 percent unemployment rate, almost four times higher than for Austrians, the daily added.

Interior Minister Gerhard Karner (ÖVP) said the government wants to use “the full force of the law”.

Karner focused on the third-country citizens, saying their permits would be “examined” and that removal from the country could occur in serious criminal offences. 

READ ALSO: ANALYSIS: Could Austria ever change the rules to allow dual citizenship?

He added that he wanted deportations to happen also to Syria and Afghanistan, where most of the suspects were from, but mentioned that this would be in the “long-term”, as deportations to war states are not allowed under international law.