The Ragnar Locker group executed a failed ransomware attack operation after they published stolen data from the local police unit of Zwijndrecht in Belgium instead of the municipality’s people. These leaked data from 2006 to September 2022 included thousands of crime report files, investigation reports, car plate numbers, fines, and staff details, among others.
Security analysts said that the data leak could expose the privacy of those who reported crimes and compromise ongoing operations and investigations of the authorities. Media outlets in Belgium considered the incident one of the biggest cyberattack leaks that affected the country’s police force.
As though downplaying the incident, the Zwijndrecht police said that the failed ransomware attack that hit them was minimal.
According to the affected law enforcement group, the hackers from the failed ransomware attack only accessed administrative network data, holding personnel information, such as staff names and photos. Nonetheless, the Belgian authorities admitted that some leaked data include sensitive ones, such as child abuse photos, fines, and more.
Furthermore, some files, like traffic camera footage, were also said to be leaked, which experts said could expose people’s locations at certain dates and times.
The breach in the network of the municipality of Zwijndrecht is still regarded as significant since thousands of people’s data are compromised by the threat actors. Based on a news report, the hackers had allegedly targeted a Citrix endpoint with poor security to hack into the affected municipality’s police network.
A journalist stated that the local police must be more protective of handling people’s data moving forward, especially since a cybersecurity incident had compromised sensitive information. Meanwhile, a lawyer advised affected individuals to secure their information while separate attacks have yet to launch, including changing license plates, identity cards, passwords, and others.
The lawyer added that the incident’s repercussions could last a lifetime; thus, people must always be aware of threats, including identity theft, fraud, or phishing attempts.