Hacking group defaces Faroe Islands tourist website, but kept out of government systems

A hacking group defaced the tourist website for the Faroe Islands – a self-governing territory of the Kingdom of Denmark — and claimed it stole employee data and other sensitive information.

The archipelago of 18 islands has a population of 54,000 and is situated between Norway, Iceland and Scotland’s Shetland Islands.

An IT security specialist with Gjaldstovan – an arm of the island’s Ministry of Finance in charge of public IT, finance and digitalisation – told The Record that the “Visit Faroe Islands” website is not run by the government but is supported by government funding.

The spokesperson said the company that runs the site was breached by the SeigedSec hacking group

“Mainly website modules and programming tools for the tourist company were breached, so it's not related to a governmental site,” the spokesperson said. “But they do have ties to the government with regard to funding. In addition to the modules and CMS, there was also some personal data that was accessed. The names and emails of the persons that have subscribed to newsletters on the website.”

The spokesperson added that they have advised the company to inform relevant European Union Data Protection Authorities about the incident as well as data privacy authorities in the Faroe Islands.

Other agencies are already investigating the incident, according to the spokesperson. The company did not respond to requests for comment.

Despite confirming the breach of the tourist website, the IT security specialist shot down claims by SeigedSec that they hacked any government systems of the Faroe Islands, calling the group’s post “untrue.”

On Telegram, SeigedSec claimed it breached “one of the main websites for the Faroe Islands” and stole personal data alongside the source code for the “Visit Faroe Islands” website.

They shared screenshots of the website's backend and more. The group previously claimed it hacked the state governments of Kentucky and Arkansas last year after the states banned abortion following the Supreme Court decision to overturn Roe v. Wade. But state officials later confirmed that the group simply downloaded publicly available record data.

SeigedSec’s post on Telegram was shared by GhostSec, another hacking group that falsely said last month it stole 40 GB of data from Maine’s government websites. The data taken in that incident was later revealed to have been downloaded public-facing information that was available on Maine’s Department of Environmental Protection (DEP) website.