EU parliament member’s data breached ?

Posted on May 18, 2020 by Vijayashankar Na

In an embarrassing revelation, an Indian security firm “Shadowmap” promoted by Yash Kadakia, has revealed that data about 1200 accounts of elected officials and staff and another 15,000 accounts of EU affairs professionals were disclosed on the web along with the encrypted passwords.

This is being highlighted here not because we are happy that the data has been exposed, but to indicate to politically motivated ethical hackers like “Elliot Alderson” or “Robert Baptiste” that instead of worrying about the data breach incidents in their own country, they are trying to spread false rumors of data breach in India whether in the Arogya Setu or Aadhaar.

If Indian hackers work with similar motivation as Mr Baptiste to defame foreign Governments, perhaps many other Governments EU can also be embarrassed. But I suppose Indian hackers are not largely interested in such unproductive attacks (Except perhaps on Pakistan!).

The entire world is grappling with data security and need to make Internet more trustworthy. I therefore urge that the talented hackers who call them “Ethical”, should help the community to defeat the dark web and criminals who operate therefrom, rather than going after defaming the Government officials who may not be as much talented.

An academic question that arises in this case is “Who is liable under GDPR for this breach?”

Since the EU parliament is headquartered in France, (or is it still Belgium? or Luxembourg?)  it has to come under the jurisdiction of the French Supervisory authority and Mr Baptiste should directly contact the supervisory authority of his country and question them. Technically however, the breach is attributed to whom so ever was responsible as a “Data Controller”. It could be some department of the EU Parliament like our own NIC being a part of the Government. Will it be considered as a separate entity and notice issued? … We will wait and see how committed is the EU Parliament for the cause of data protection.

Perhaps the Internet Freedom Foundation and other similar friends of  Baptiste should issue a notice to the EU Parliament committee to take action.

Naavi

P.S: Also see here:

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.