Cyberattack on EasyGov
Criminal hackers have managed to steal a list of names of up to 130,000 companies that applied for Covid 19 credit through the EasyGov platform in 2020.
Using the EasyGov web platform, criminal hackers managed to steal a list of names of up to 130,000 companies via an automated query in August 2021. These companies had applied for Covid 19 credit in 2020, at the height of the pandemic-related economic crisis.
Not affected are those companies that have already repaid the loan in full, as well as all confidential company data such as bank details, IBAN number, contact persons, etc. The credit amount as part of the attacked data collection was not tapped by the hackers. The data of the companies registered on EasyGov is also not affected.
According to the analysis of EasyGov's access logs, an attack with up to 544,000 accesses per day was detected between August 10 and 22, 2021. A total of 1.3 million queries were made in August. This involved an automated query based on the UID numbers, and it was possible to generate a list of companies with a high probability of having applied for a Covid 19 credit and not yet repaid.
The investigations are being pursued "at full speed" by SECO, according to a statement from the federal government. SECO is not aware of any other security leaks.
The cyber attack that took place is still being comprehensively investigated and all necessary measures are being taken to ensure that the platform is also secure in the future in the public area (without login), according to SECO.
Source: SECO
