The Italian Data Protection Authority Garante per la Protezione di Dati Personali has launched an investigation into a breach of the country’s copyright protection agency.
SIAE is a government agency that enforces the rights of copyright holders in Italy.
The GPDP is investigating if hackers stole the personal data of the members and employees of SIAE. SIAE is the main and only royalties collector in Italy, and all creators in the country have registered on its platform.
“In relation to the data breach suffered by Siae, the Guarantor for the protection of personal data informs that it has opened an investigation. The Italian Society of Authors and Publishers had yesterday notified the Authority, within the terms set by the privacy legislation, of the violation of its servers due to a hacker attack for extortion purposes. The Guarantor is currently evaluating the information received from the Company, reserving the right to carry out the appropriate investigations,” wrote GPDP.
SIAE has not provided any details on the scale of the impact. However, Bill Toulas of BleepingComputer reported they have seen a listing on the extortion portal belonging to the Everest ransomware gang, in which the actors claim to have breached SIAE and stolen 60 GB of data.
The data the Everest gang claims to have includes national ID and driver’s licenses and contract agreements between SIAE and its members. The Everest gang also claims that they have contracts and other data related to Italian celebrities, actors, musicians, artists, authors, and well-known creators.
The threat actors are now selling this data for $500,000.
All member of the SIAE are advised to stay vigilant and look out for incoming unsolicited communications, such as social engineering attacks and scam attempts. In case of any suspicion, they should report them to the police’s cybercrime department.