Cybercrime

Hacker arrested in France for theft of COVID-19 tests for 1.4 million Parisians

French police have detained a 22-year-old suspect on the accusation of breaching a Paris hospital, stealing, and then leaking the COVID-19 test results of more than 1.4 million patients.

The suspect, whose name was not released by authorities, was arrested on Wednesday, October 6, in the village of Ollioules dans le Var, in the south of France, according to a press release from the Paris police.

French newspaper Le Journal du Dimanche, which first reported the arrest earlier today, said the suspect admitted to his crime in police custody.

Suspect breached the largest hospital trust in Europe

Authorities said the suspect breached Paris-based hospital trust Assistance Publique – Hôpitaux de Paris (AP-HP), the largest hospital system in Europe and one of the Top 10 hospital trusts in the world.

The breach took place last month, in early September. AP-HP disclosed the incident in a press release published on its website, three days after it discovered the hack, on September 12.

Hospital officials said the hacker breached a file-sharing server its staff was using to share laboratory tests with the French Health Ministry.

According to officials, the 22-year-old broke into this system, stole files containing COVID-19 test results, and uploaded the files on file-sharing portal MEGA.

The suspect then shared links to these files on French video hosting platform JeuxVideo, and on his now-deleted Twitter profile of @Scrizophrene.

Police said the suspect often posted messages against France’s COVID-19 restrictions and the use of “passe sanitaire” — a document issued in France to citizens who have been vaccinated against the COVID-19 virus.

Officials said they’ve taken down the stolen AP-HP data from the MEGA platform, but they believe the files had been downloaded and broadly shared through other means.

Per officials, the stolen files contained information such as:

  • Full names
  • Dates of birth
  • Gender
  • Social security numbers
  • Home addresses
  • Emails
  • Telephone numbers
  • COVID-19 test results from mid-2020

AP-HP said it has sent notification letters to all patients that had their data stolen.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Recent Posts

Dems want FTC to investigate Apple and Google for privacy harms made worse Post-Roe

Both companies use unique tracking identifiers in their popular Android and iOS mobile operating systems…

2 days ago

Hacker selling access to 50 vulnerable networks through Atlassian vulnerability

A hacker is selling access to 50 vulnerable networks on a cybercriminal forum after breaking…

2 days ago

Ransomware groups targeting Mitel VoIP zero-day

Ransomware groups are targeting a zero-day affecting a Linux-based Mitel VoIP appliance, according to researchers…

2 days ago

House panel approves major cash infusion for CISA

House appropriators on Friday voted in favor of a $2.9 billion budget for the Cybersecurity…

2 days ago

FTC finalizes order over CafePress security issues

The online sales platform had a major breach in 2019 and tried to cover it…

2 days ago

US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack

Japanese automotive hose giant Nichirin was forced to pause production this week after a US…

2 days ago