700 pages of confidential dossiers, which included details about terrorism investigations in Europe, have been found exposed on the Internet by the reporters of Dutch TV documentary programme Zembla.
They were housed on a private Iomega network drive located in the home of a former Europol officer who now works for the Dutch police.
The reporters discovered the documents through Shodan, a search engine for finding devices connected to the Internet. The drive in question wasn’t password-protected, and easily accessible to anyone via Internet.
It contained documents on historic terrorism investigations (2004 Madrid train bombings, foiled attacks on airplanes with liquid explosives, etc.) but also details about investigations that were never made public.
Europol Deputy Director of Operations Wil van Gemert said that the data leak has not affected ongoing terrorism investigations, even though they cannot be entirely sure that someone other than the Zembla reporters accessed the files.
“The concerned former staff member, who is an experienced police officer from a national authority, uploaded Europol data to a private storage device while still working at Europol, in clear contravention to Europol policy,” Europol spokesperson Jan Op Gen Oorth told Ars Technica.
“A security investigation regarding this case is on-going, in coordination with the respective authorities at national level to which the staff member returned. Current information suggests that the security breach was not ill-intended.”
He also said that Europol had changed its data protection policies prior to this revelation, and information such as the one that was leaked can no longer be accessed from outside its offices. Still, he admitted that “human error is the weakest link when it comes to the intersection of staff, data, and technology.”
It is to be hoped that this incident won’t dampen the willingness of police forces across the EU to share investigation data with Europol, and won’t interfere with still ongoing investigations.