Jeremiah Fowler claims the exposed records included identification documents and debit card details, which could be used for financial and phishing scams.
More than 520,000 records relating to car seizures conducted by An Garda Síochána were exposed in a recent data breach, according to a cybersecurity researcher.
Jeremiah Fowler of vpnMentor shared details of a database he discovered that contained records from “numerous private towing and storage companies”, which appeared to be working as private contractors for Ireland’s police service.
Fowler said the records go back as far as 2017 and included “potentially sensitive data” such as vehicle owner names, contractor data and vehicle registration certificates. He also claimed the records contained notices of car seizures, destruction notices, release documents, insurance investigation inquiries and “other documentation relevant to the detention of a vehicle”.
Small example of the identification documents contained in the database. Image: Jeremiah Fowler
The researcher estimates that there are roughly two to five documents related to each individual case, which means “an average of 150,000 vehicle owners” could be potentially affected by the breach.
Fowler said the database belonged to a private contractor based in Limerick and that the records were restricted on the day when he informed An Garda Síochána about the issue. It is currently unclear how long the database was unrestricted for.
“The technology contractor acted quickly and professionally, they reached out to me to confirm that the records were secure and to ensure that there was no malicious intent in my discovery and disclosure,” Fowler said in a blogpost.
“Although the records indicate they are officially related to Garda’s seizure and storage of vehicles it is important to note that [An] Garda Síochána was not directly responsible for the misconfigured cloud storage repository that resulted in the data breach.”
Fowler said that law enforcement documents and records are “especially coveted” by malicious hackers, as they contain personal identifiable information that can be used for financial or phishing scams.
He also told The Independent that some of the exposed records contained full debit card details, which could be used by scammers.
“If you notice anything out of the ordinary, you should act fast to report it to your bank or freeze the account,” Fowler said. “Another serious potential risk is criminals using identification documents exposed online for identity theft. This includes criminals impersonating you, obtaining financial services in your name, and even using the documents as a template to create fake IDs.
“Monitoring your credit reports or subscribing to a credit monitoring service can help to detect any signs of identity theft and limit the damages or fraudulent accounts.”
Earlier this year, four police forces in Northern Ireland and the UK reported data breaches within a month, which were all reportedly caused by technical issues and human error.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.
