Warnings by the Minister of Digital Affairs after the attack on EuroCert. Serious data leak

EuroCert is a company providing services, among others: qualified signature. On Thursday, January 16, its representatives informed about a hacker attack that took place on January 12 at night. The Minister of Digitization, Krzysztof Gawkowski, decided to inform Internet users about its effects via social media.

Successful hacker attack on EuroCert

“It led to a breach of personal data protection through a malware attack that encrypted files stored on our servers,” EuroCert confirmed. Data leaked not only of customers and contractors, but also of employees.

It was revealed that this concerns contact details, such as e-mail address, telephone number, as well as PESEL numbers, names and surnames, dates of birth and data regarding identity cards, i.e. series and number. The hackers also took over the images and usernames and, above all, their passwords.

“Currently, the incident is the subject of activities carried out by the police and CERT Polska,” the company said. The leak was also reported to the President of the Personal Data Protection Office. It is not known what the scale of the leak was.

Data collected by EuroCert was leaked

“EuroCert sp. z o. o. makes every effort to minimize the effects of the attack and restore full functionality of IT systems as soon as possible,” we read in the statement.

EuroCert is one of five companies in our country providing the so-called qualified trust services. This opportunity was granted to her by the NBP National Certification Center. The speech includes: about electronic signatures, seals and time stamps. He cooperates with, among others: with Warsaw, PKP, Poczta Polska and Scania, Warbud, IBM, UNIQA.

NASK: The risk is high

NASK – National Research Institute reminded that EuroCert is not related to CERT Polska, to which the attack was reported. “The systems are currently being restored to full operation. The attack vector will be the subject of further arrangements, which will help reduce similar risks in the future,” NASK said.

NASK emphasized that “the risk of data being made public is high” and people affected by the attack should be ready for cyber fraudsters to use their data. We should also be vigilant about incoming e-mails, telephone calls and other messages, and verify the sender at the source. For example, blocking your PESEL number in the mObywatel application can help you minimize the risk.