" We have activated the security systems , the confidentiality maintained in these days is due to the ongoing investigations".

This is what the Sardinia Region specifies in a note regarding the hacker attack of last June 17, which caused thousands of files containing the personal data of employees of the Region and users of some general directorates to end up on the dark web.

“On February 1st - explains the Region - the in-house company SardegnaIT suffered a ransomware-type cyber attack which also spread to the management systems of the digital archives of the Regional Administration. The attack was managed with the Postal Police of Cagliari with the support of Cnaipic (National Cybercrime Center for the protection of critical infrastructures, ed.). No redemption was requested and no negotiations were initiated by the regional administration offices . The typical contact request to the hacker group was present in the attacked PCs and servers, which by our offices was notified exclusively to the Postal Police. The attack was limited exclusively to a part of the management systems, workstations and file archives, which were then published on the dark web on 17 June ".

After an initial management phase, continues the Region, “we immediately proceeded to restore the data from the backup systems which were intact”. It is specified that the Region " has not suffered any disservice impacting the basic systems " and that therefore "the attack has not spread to the central systems: accounting, protocol, personnel management".

Again: "The databreach - continues the note from the Region - was immediately notified by the Data Controller (through the office of the Data Protection Officer) to the data protection supervisor, following the correct administrative procedure. A complaint was also filed with the competent authorities through the Postal Police of Cagliari, which is carrying out the investigations, and considering the international context, the offices have kept the utmost confidentiality also due to the first leak of information as the investigations are still ongoing. in order to identify those responsible ".

DERIU - A Sardinia "not in step with the times". So instead Roberto Deriu, adviser of the Democratic Party, comments on the hacker attack . "I have already said it several times and I repeat: investing concretely in cybersecurity means guaranteeing a better future for our region and keeping it away from certain serious facts".

Cybercriminals have made thousands of files with the personal data of employees of the Region and users of some general directorates end up on the dark web . The Administration itself spoke of possible consequences such as "usurpation of identity, loss of control over one's personal data, use of the same data for phishing purposes".

"Episodes of this kind - continues Deriu - must represent a strong impetus to address and solve the problem at its root. A need that I myself had already highlighted in recent months, presenting an agenda on the subject linked to digital cybersecurity, approved by the Regional Council . For Sardinia it is essential that a competitive relaunch in the digital field is immediately ensured, which necessarily involves the efficiency of the safety of the regional public administration, including universities, and at the same time offers development and growth opportunities for the entire Sardinian community ".

"Reviving the competitiveness and productivity of the country system, through digitization and innovation, and therefore also through cybersecurity - concludes the Pd councilor - must be a challenge that Sardinia cannot afford to lose".

ADICONSUM - Adiconsum Sardegna has meanwhile announced a complaint to the Public Prosecutor of Cagliari and to the Guarantor for the protection of personal data .

"This is a very serious episode that puts the safety of Sardinian users at risk and could have enormous repercussions for the community - explains President Giorgio Vargiu - In fact, sensitive information of citizens, such as health and banking data, ends up on the dark web. which could lead to illegal transactions on current accounts or through ATMs and credit cards ".

"The Public Prosecutor and the Guarantor will have to ascertain how the theft of such a quantity of data was possible, and if the IT systems of the public administration and the security measures were adequate, verifying any responsibilities of the institutions involved - continues the president of Adiconsum Sardegna - We want to know why the alarm was raised only today, despite the fact that the Sardinia region, according to what the media reported, would have been aware of the attack as early as last June 17, and the reasons for this delay in communications to citizens ".

"In the meantime, we invite all Sardinian citizens to pay close attention, ignore suspicious emails, sms and Whatsapp messages, change passwords to access current accounts, ATMs and other banking instruments, and carefully check the movements on their accounts in the coming days" , concludes Vargiu.

(Unioneonline / ss-L)

© Riproduzione riservata