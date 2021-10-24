There Siae victim of a hacker attack. The Team Everest ransomware has paralyzed the computer system of the Italian Society of Authors and Publishers: hackers have taken possession of 28 thousand confidential documents and have already published about 60 gigabytes of subscriber data on the dark web, including sensitive data such as identity cards, driving licenses, health cards and addresses. The documents placed on the net are only a small part of the database stolen from the company: in order not to spread the others a ransom from 3 million in bitcoin, which SIAE makes it known that it does not intend to pay because there is no guarantee that the dissemination of data will be blocked. Two weeks ago the institution was already been the subject of a phishing attempt.

“We have already made the complaint to the Postal Police and the Privacy Guarantor as per practice. All authors who have been subject to attack will then be promptly informed. We will constantly monitor the progress of the situation trying to secure the data ”, says the general manager Gaetano Blandini. The investigations are entrusted to the Rome Department of the Cnaipic (National Cybercrime Center for the Protection of Critical Infrastructures) of the Postal Police. From the first reconstructions, it seems that the data object of the hacker attack suffered by the SIAE were not encrypted but “exfiltrated“(Stolen without authorization) from the Company’s database and then published on the dark web.

“Subscribers whose data has been breached they can no longer do anything: just make a local mind of what data they have provided, because, if they are on the dark web, they will publish it. For them it is a disaster, they should start changing at least the telephone number“. He tells it to LaPresse Riccardo Meggiato, one of the leading Italian cybersecurity experts, declaring himself “amazed” by the fact that the data have already been published. “Usually the new trend is to do a double trick: data is stolen and, if the ransom is not paid, it is made public. Here it seems like there was one less step: probably, they’ve already played the first card, ”he says. “Indeed, the published data could only be accessible for a fee: the hackers perhaps knew they would not collect the ransom, and so they decided to make cash.”