Police probe after database hacked

THE digital database of the Registrar Generals Department was hacked in January and its contents have been published online, according to a statement from the Office of the Attorney General and Ministry of Legal Affairs.

A group called Distributed Denial of Secrets carried out the hack and the matter is being investigated by police. According to the Office of the Attorney General, even though the hack was illicit, the information contained is required by law to be held in the Companies Registry and is accessible by the public after paying a fee.

The statement yesterday said: “The e-Service Business Registration Platform of the Registrar-General’s Office was launched by the Bahamas government in 2016.

“The data required by law to be maintained in the Companies Registry is available to the public, upon the payment of a search fee. Since 2000 as a part of our compliance regime, it has been a legal requirement that a register of directors and officers be filed at the Companies Registry. The Bahamas remains committed to the transparency of its corporate registry. Having said this, we regret to confirm that sometime during the month of January 2020, criminal elements associated with a group called ‘Distributed Denial of Secrets’ unlawfully hacked into the AS400 Server housing the registrar-general’s filings information - which is thereafter transferred to the e-Services Business Registration system - and stole the information therein housed. The said information has recently been published and widely distributed. These acts are breaches of the Data Protection Act and the Penal Code.”

The hacker group was formed “in or about December 2019,” the statement said.

“Two persons have come forward and have been identified as principal ‘activists’ in the group, namely Emma Best and Lorax Horne,” the statement said.

“A thorough police investigation is also currently underway, along with a review of all digital security systems.

“Based on the findings, all necessary action will be taken to ensure that we maintain the requisite data protection, as we understand the importance of this to upholding Bahamian law, to the business community and to the general public.”

The statement said the Office of the Registrar-General was already in the midst of upgrading to a new server, with improved security features.

“This process is now being accelerated. It is important to note that the secured and separate database storing beneficial ownership data required to be electronically filed, under the Register of Beneficial Ownership Act, was not affected by the hacking exercise; nor was the same in any way compromised,” the Office of the Attorney General’s statement said.

Comments

shonkai says...

AS400?? That went out before the Y2K didn't it? Anyway, the server doesn't matter, security is defined more around the procedures you have for safeguarding your data. And we all know how good government is at maintenance. Spending millions of dollars on a new "system" is the easy art, keeping it running securely is the hard part.

Posted 3 June 2020, 8:50 a.m. Suggest removal

Log in to comment