On Monday, the names, addresses and PESEL numbers of people who performed tests in medical facilities (and these were analyzed by ALAB) are in the hands of hackers, and they published some of the data online.
How to check if I have been a victim of an ALAB data leak?
First of all, it is worth noting that so far the hackers responsible for the attack have published only a sample of data containing approximately 55,000 pieces of data online. laboratory test results. This translates into just over 50,000. patients whose data were disclosed. As he noted, only tests commissioned by three medical facilities were selected for the sample – one from Łomianki, Warsaw and Łódź. The research also comes from different periods, the oldest records date back to October 2017, and the latest ones date back to September 2023.
Taking this into account, it can be assumed that all people who did not order medical tests at ALAB in these three cities during this period are safe. At least for now, because the hackers are threatening that they still have 246 GB of data and will publish it by the end of the year. The mentioned sample was supposed to be a demonstration of capabilities, which occurred due to ALAB’s “lack of willingness to cooperate” (the hackers probably did not receive the requested ransom) –
However, if we performed any laboratory tests in these cities and during the mentioned period, it is definitely worth checking whether our data is included in the packages available online. Fortunately, this can be easily done using a government tool. Both Janusz Cieszyński (former Minister of Digitization), CERT Polska and the Central Information Technology Center confirmed that the website has been updated with data from this leak.
Using the tool is very simple and the entire operation takes a few minutes. The website only requires logging in via the Trusted Profile, and then compares our PESEL number with those in the stolen databases. It is worth remembering that the tool only shows whether data has been leaked (not the full set of stolen information) and only contains data that has already been published by hackers. Therefore, if thieves publish further data, the verification will have to be repeated.
What can happen? People are afraid about their PESEL numbers
Unfortunately, the threat is real because very detailed personal data of patients has been leaked online. And it’s not about someone being able to view the results of our tests, check when and where they were ordered and which doctor did them. The data contained in the files enable fraudsters to take out loans and credits online using other people’s data. So you can suddenly wake up with a serious problem.
In addition to this threat, there are also all other consequences of identity theft – criminals may, among others: try to extort insurance funds for our data, collect a duplicate of our SIM card or register a pre-paid number on us and use it for illegal purposes. It is therefore not surprising that Internet users are concerned on social media about their PESEL numbers, which are also included in the package.
What to do to avoid waking up with a loan?
Unfortunately, there’s not much we can do. First of all – as we have already mentioned – it is worth checking whether our data has been leaked. If so, you can try to report data theft to the appropriate services. The law allows us to report the theft of data to the police, who are obliged to initiate an investigation into such a case. This crime can also be reported to the prosecutor’s office.
It is also worth keeping your PESEL number, which can be easily done, among others: via the mObywatel application or stationary – including: at the commune office. This is because banks, loan companies and telecommunications operators will be obliged (and able) to check whether the customer’s PESEL number is reserved only from June 1, 2024 (however, it is worth blocking it in advance).
The third method is to use the services of the Credit Information Bureau. BIK allows you to generate a report on our current liabilities and sends alerts in the event of taking out a loan or credit for a given PESEL number. It is worth having such alerts turned on, even if our personal data has not been leaked in any recent high-profile incident. Unfortunately, both services are paid (alerts PLN 36 per year), but twice a year we can apply for a free copy of the data from the BIK report.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
