The Ukrainian cyber police have arrested a 36-year-old man from the city of Netishyn for selling the personal data and sensitive information of over 300 million people, citizens of Ukraine, and various European countries.
The seller was using Telegram to promote the stolen data to interested buyers, asking between $500 and $2,000 depending on the amount of data and its value.
“The man was an administrator of closed groups and channels in the Telegram messenger, where he sold personal data of citizens of Ukraine and the European Union,” reads the .
“In particular, the attacker had information on passport data, taxpayer numbers, birth certificates, driver’s licenses, and bank account data.”
The police’s investigation revealed that the buyers were Russian citizens who used currencies prohibited on Ukrainian territory to pay for the acquired databases. This is also how law enforcement was led to the cybercriminal.
During the police’s raid on the offender’s location, he attempted to obstruct the investigation and attacked a police officer.
The law enforcement officers proceeded nonetheless to confiscate 36 hard drivers, computers, and server equipment, containing several databases, the origin of which will be determined by subsequent analysis.
The arrested man now faces criminal proceedings under Part 2 of Art. 361-1 (creation of software for malicious means), Art. 362 (unauthorized access to information stored in computer networks), and Part 2 of Art. 345 (threat or violence against a law enforcement officer).
The latter incurs an imprisonment sentence of up to five years, while the punishment for the first two violations of Ukraine’s criminal code varies depending on the severity of the crime, the suspect’s criminal history, and the specific circumstances of the case.
In December 2021, the Ukrainian cyberpolice conducted a large-scale operation for the who were selling 100 databases totaling 90,000 GB of data, corresponding to 300 million people from the U.S., Ukraine, and various European countries.