Ukraine Arrests 51 for Selling Data of 300 Million People in US, EU

Ukrainian law enforcement arrested 51 suspects believed to have been selling stolen personal data on hacking forums belonging to hundreds of millions worldwide, including Ukraine, the US, and Europe.

“As a result of the operation, about 100 databases of personal data relevant for 2020-2021 were seized,” the Cyberpolice Department of the National Police of Ukraine said.

“The seized databases contained information on more than 300 million citizens of Ukraine, Europe and the United States”

Also Read: Data Protection Trustmark Certification: Business Advantage

Following this large-scale operation, Ukrainian police also shut down one of the largest sites used to sell personal information stolen from both Ukrainians and foreigners (the site’s name was not revealed in the press release).

On the now shutdown illegal marketplace, suspects were selling a wide range of stolen personal data, including telephone numbers, surnames, names, addresses, and, in some cases, vehicle registration info.

“The attackers sold information on closed hacking forums, as well as on social networks and messengers,” added Serhiy Lypka, Head of the Department for Combating Crimes in the Field of Computer Systems.

“A total of 117 searches were conducted in different regions of Ukraine. As a result, more than 90,000 gigabytes of information were removed.”

The suspects were apprehended following a November operation dubbed “DATA,” aiming to stop the illegal distribution of stolen personal data on unlawful online markets.

Also Read: Data Anonymisation: Managing Personal Data Protection Risk

Crackdown on cybercrime

Ukraine has cracked down on cybercrime activity within in borders throughout the year, with recent arrests of threat actors behind DDoS attacks, ransomware gang members, and money launderers.

Last month, Ukraine’s Security Service of Ukraine (SSU) also arrested five suspects in Kyiv and Kharkiv, believed to be members of the international ‘Phoenix’ hacking group specializing in remote hacking of mobile devices.

In September, the Security Service of Ukraine (SBU) also took down a network of six call centers in Lviv, used by a scam ring to defraud cryptocurrency investors worldwide.

As a measure of scale, the US Federal Trade Commission (FTC) said in May that over $80 million were lost to cryptocurrency investment scams, based on roughly 7,000 reports received since October 2020.