Dresden: Admin has extracted data from eligible voters on a grand scale
Investigators accuse the man of connecting his own storage media to the city administration's computers and moving around 270,000 files back and forth.
The public prosecutor's office and the Dresden police are investigating a system administrator who is alleged to have illegally copied a complete electoral notification file containing the personal data of 430,000 citizens of the Saxon capital onto at least one external data carrier. This directory contains the names, addresses and dates of birth of all eligible voters in Dresden.
The accused was responsible for the data technology support of the elections for the citizens' office in the municipal IT services company, the city administration explained on Friday. The creation and storage of the electoral register was part of his work. However, there is said to have been no evidence of the copy being used for official purposes.
Admin moved data to private storage
The authorities also accuse the 54-year-old of repeatedly connecting external private storage media to official IT technology of the state capital Dresden without authorization between May and 22 October, thereby transferring a total of around 270,000 files. The suspected data protection breach was discovered during regular checks on the proper handling of personal information by the IT department at the end of October, according to the local authority.
The head of department immediately blocked all access by the accused, it continues. He had official equipment confiscated and issued a ban from the premises. At the same time, the security incident was reported to the Saxon data protection officer, the Sax.cert security emergency team and the State Office of Criminal Investigation.
Read also
MOVEit Transfer: Stolen data from Amazon and Co. is for sale
Cyber gang demands baguettes after data theft at Schneider Electric
Brillen.de: Around 3.5 million customer data records openly online
Data sale on the darknet: Cisco investigates possible cyberattack
USA: Leaked data trader files for bankruptcy
Suspect remains silent
According to the city, the suspect did not make use of his deadline of October 24 to make a statement. His office then filed a criminal complaint with the Dresden police department. One day later, the prosecutors reportedly executed a court order to search the house in the evening hours. All of the storage media in the accused's possession were seized.
The police estimate that the investigation into the man, who has since been dismissed for cause, is ongoing and will take some time due to the volume of data media to be analyzed. They have not yet been able to comment on the motive for the crime. According to the local authority, the accused has since sworn that he did not use, pass on or recopy the extracted data. The incident will be taken as an opportunity to implement "further technical and organizational measures to increase information security" in the short term. These include stricter access protection and the blocking of mobile data carriers.
There are currently no indications that the 54-year-old is in contact with political extremists or is involved in such activities, the public prosecutor's office told the Dresdner Neueste Nachrichten. MDR refers to the fact that a local politician from Dresden is suspected of having manipulated a total of over 200 ballot papers in June and September in favor of the small right-wing extremist party "Free Saxony" in the local and state elections. It is unclear whether there is a connection with the new discovery.
(nie)