Confidential documents belonging to the Europol were exposed online after an employee copied the data on a USB drive and accessed it using a home computer connected to the Internet.
Dutch documentary Zembla reveals that the leak wasn’t caused by external sources, but by a Europol worker directly, who violated Europol’s policy and copied files on a private storage device.
More than 700 pages of confidential information were copied from Europol’s servers, and they include hundreds of names and phone numbers belonging to individuals involved in terrorist investigation. According to Ars, they also included information on a number of attacks, including the Madrid bombings, but also cases that have never been made public.
The Dutch source claims that all files were left unencrypted on a storage device plugged into a computer without a password and connected to the Internet, which made it possible for anyone discovering them to download the data freely.
Europol confirmed the leak
The Europol has already confirmed that the data was exposed because of a human error and said that it already launched an internal investigation to discover what exactly happened.
“The concerned former staff member, who is an experienced police officer from a national authority, uploaded Europol data to a private storage device while still working at Europol, in clear contravention to Europol policy,” Europol's spokesperson Jan Op Gen Oorth was quoted as saying.
“A security investigation regarding this case is on-going, in coordination with the respective authorities at national level to which the staff member returned. Current information suggests that the security breach was not ill-intended.”
For the moment, it’s not yet known if and how many people were able to access the documents, but given the confidential nature of the information stored in them, it’s very clear that similar data leaks need to be prevented in the future. The Europol is well-known for strict internal security, but the organization now says that it’s nearly impossible to prevent human errors like this one.