Details are sparse and almost nonexistent in the European press. The Washington Post, however, in its own brief report, notes “The investigation began Monday after an employee at the data protection authority notified police that someone appeared to have a large number of digital files containing personal data, the head of financial and electronic crimes police Dimitris Georgatzis said.”
That is almost all that is currently known. The man has not been named. How he got the details is unknown. What he intended to do with them is debatable. And how the theft came to light is unexplained.
There are, however, one or two clues. “The 35-year-old was tracked down through the internet, and computer equipment seized from his house during a search, Georgatzis added,” says the Washington Post. This would suggest some activity on the internet, perhaps a careless comment or an approach to the wrong person. Either way, an alert “employee at the data protection authority notified police that someone appeared to have a large number of digital files containing personal data.”
But while we may not yet understand the details of the incident, we can certainly take warning from it. “There are a number of things to be learned from this case,” explained Chris McIntosh, CEO of ViaSat UK, “none of which inspire confidence. First, it shows how easy it is for personal details to fall into the wrong hands: after all, 9 million personal data files could represent more than 80% of Greece’s population.”
Nine million is a huge number in a country with a population of just 10 million (10,787,690 in the 2011 census - Wikipedia), so there is undoubtedly some duplication. Without that duplication, “The UK equivalent would be one person having the details of over 50 million people” continued McIntosh. “More crucially,” he added, “there is still the question of how the records were obtained and how the theft was reported. While it seems that an employee of the Greek Data Protection agency notified the police, if they hadn’t noticed that one person was amassing files there is no knowing exactly what would have been this data’s eventual fate.”
He suggests that “Both organisations and civilians should see cases such as these as a wake-up call.” Paranoia, he adds, is “sensible behavior in the information age.”