The company stressed that financial and credit card data haven’t been compromised because it was not available in the affected database. The security incident suffered by the A1 network occurred due to a hacker’s intrusion into the part of the system where the data of some users of their services were stored, experts explained, and about 150,000 users of the A1 network were affected.
“Unfortunately, despite advanced protection measures and the constant raising of the level of security, a security incident occurred related to one of the user databases, which compromised part of the personal data of part A1 of users,” A1 explained, adding that they would directly inform all users whose personal data has been compromised.
“Intensive work is being done to establish all the facts related to the security incident, and so far, computer forensics has determined that potentially compromised data are less than ten percent of A1 users. The exposed data include names and surnames, addresses, OIBs, and phone numbers. We emphasize that information on bank cards and accounts is not compromised because it is not available in the specified database,” A1 said after, of course, reporting everything to the police.
Đuro Lubura, court expert for competition in telecommunications, commented to Index.hr that telecom operators have large amounts of personal data of each user and are very often the target of cyber attacks, reminding that in recent years all major telcos experienced more attacks and personal data breaches, and that such things unfortunately happen. “The good thing is that, although this is personal data that needs to be kept, this data is often considered public record. For example, name, surname, OIB, and address are publicly available data for each owner or co-owner of a company or trade, each member of a management board, or candidate in an election. Therefore, in my opinion, this particular personal data breach should not cause too much damage,” Lubura notes.