Europol in massive data breach on terrorism probes
Names and telephone numbers of suspects in terrorism probes carried out by the EU police agency Europol have been posted online by accident.
The Hague-based agency, which coordinates police efforts across the EU, told this website on Wednesday (30 November) that an ex-staff member had taken the data home in contravention of security protocols.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
"The concerned former staff member, who is an experienced police officer from a national authority, uploaded Europol data to a private storage device while still working at Europol, in clear contravention to Europol policy," said Jan Op Gen Oorth, a spokesman from the agency, in an email.
He said the cases related to the breach are a decade old and that all involved EU states have been notified.
Dutch TV programme Zembla, aired by public broadcasters Vara and NPS, which first reported the breach, said the agent had inadvertently published information about 54 different police investigations. The programme had reportedly informed the agency of the files some two months ago.
The breach spanned over 700 pages of data. Europol says most pages contain public information and that those that were not public have not had any affect on ongoing investigations.
"Individual mistake by ex-staff, yes, some data yes, but most information is public anyway and of those that were not public, no ongoing investigation has been jeopardised," said Op Gen Oorth.
But Dutch liberal MEP Sophie in ’t Veld wants Europol's director Rob Wainwright and the EU commissioner in charge of security, Julian King, to explain the leak before the EU parliament.
“This is extremely shocking. Europol was aware of this security incident since September, yet its director decided not to inform the parliament during a joint meeting of the European Parliament and the national parliaments on Europol scrutiny just two days ago," she said.
The breach poses larger questions about data protection standards of an agency, whose investigative powers are set to expand next May. Leaked information may also strain relations with other EU states, who may be reluctant to share data if it is not properly secured.
The new rules will make it easier for the agency, which employs over 600, to set up so-called specialised units. Those units are likely to work a lot closer with intelligence agencies in an effort crack down on terrorism and crime.
Europol is helping police track down terrorists and other criminals. It maintains a terrorist database, known as Focal Travellers Point, to help coordinate their efforts. The database contains information on some 34,000 people, including foreign fighters.
The agency had also processed some 80 terabytes of data in the aftermath of the Paris and Brussels terror attacks.