Dutch police have arrested three individuals in connection with a large-scale criminal operation that included data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence.
The police believe that the hackers stole personal data from tens of millions of individuals, including their names, addresses, telephone numbers, bank account numbers, credit cards, passwords, and passport details. It’s estimated that the hackers demanded ransoms ranging from €100,000 to €700,000 from each company they targeted.
The investigation began almost two years ago when a large Dutch company suffered a security breach. Thousands of companies and institutions, both national and international, have been victims of computer intrusion followed by theft and handling of data in recent years, according to the police.
The targets of the attack included catering, training institutes, e-commerce, software, social media, and critical infrastructure. The threat actors demanded a Bitcoin payment from the affected companies and threatened to publish the stolen information online or destroy the digital infrastructure.
The sensitive nature of the stolen information makes it a high-value target for social engineering attacks and various types of fraudulent activities, according to the police. The captured data is processed to be traded to other criminals.
The police warned that data theft and data trading is a huge revenue model for criminals, and stolen datasets are being refined and filtered in a way that makes them easily searchable to find appealing targets and mount convincing attacks. The Dutch police described this criminal operation as “sophisticated.”
This case underscores the ongoing and evolving threat of cybercrime, which can cause significant damage to businesses and individuals alike. Law enforcement agencies and organizations must remain vigilant and proactive in their approach to cybersecurity to prevent such attacks from happening and mitigate the risks of data breaches.