Cybercrime

Hacker arrested in France for theft of COVID-19 tests for 1.4 million Parisians

French police have detained a 22-year-old suspect on the accusation of breaching a Paris hospital, stealing, and then leaking the COVID-19 test results of more than 1.4 million patients.

The suspect, whose name was not released by authorities, was arrested on Wednesday, October 6, in the village of Ollioules dans le Var, in the south of France, according to a press release from the Paris police.

French newspaper Le Journal du Dimanche, which first reported the arrest earlier today, said the suspect admitted to his crime in police custody.

Suspect breached the largest hospital trust in Europe

Authorities said the suspect breached Paris-based hospital trust Assistance Publique – Hôpitaux de Paris (AP-HP), the largest hospital system in Europe and one of the Top 10 hospital trusts in the world.

The breach took place last month, in early September. AP-HP disclosed the incident in a press release published on its website, three days after it discovered the hack, on September 12.

Hospital officials said the hacker breached a file-sharing server its staff was using to share laboratory tests with the French Health Ministry.

According to officials, the 22-year-old broke into this system, stole files containing COVID-19 test results, and uploaded the files on file-sharing portal MEGA.

The suspect then shared links to these files on French video hosting platform JeuxVideo, and on his now-deleted Twitter profile of @Scrizophrene.

Police said the suspect often posted messages against France’s COVID-19 restrictions and the use of “passe sanitaire” — a document issued in France to citizens who have been vaccinated against the COVID-19 virus.

Officials said they’ve taken down the stolen AP-HP data from the MEGA platform, but they believe the files had been downloaded and broadly shared through other means.

Per officials, the stolen files contained information such as:

  • Full names
  • Dates of birth
  • Gender
  • Social security numbers
  • Home addresses
  • Emails
  • Telephone numbers
  • COVID-19 test results from mid-2020

AP-HP said it has sent notification letters to all patients that had their data stolen.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Recent Posts

Conti ransomware hits Apple, Tesla supplier

The Conti ransomware gang has been linked to an attack on Delta Electronics, a Taiwanese…

37 mins ago

Biden administration launches initiative to protect U.S. water systems from cyberattacks

The Biden administration on Thursday will kick off an effort to protect the country’s water…

1 hour ago

DeepDotWeb co-admin sentenced to 8 years in prison

One of the two administrators of the DeepDotWeb portal was sentenced this week to 97…

4 hours ago

Ukrainian government calls out false flag operation in recent data wiping attack

The Ukrainian government said today that it found evidence meant to connect the data wiping…

17 hours ago

Meta’s free mode came with a cost, report says

Meta Connectivity (previously Facebook Connectivity) is facing scrutiny after reports emerged that their Free Basics…

20 hours ago

White House releases final zero-trust strategy for federal government

The White House on Wednesday issued finalized plans for its strategy to move the federal…

23 hours ago