Attack on EuroCert. Minister of Digital Affairs Krzysztof Gawkowski issued recommendations

Deputy Prime Minister and Minister of Digitization Krzysztof Gawkowski, in a Friday announcement on the ministry's website, indicated what should be done to limit the effects of the EuroCert data leak, which occurred on January 12 this year. He added – currently, “there remains a high level of risk of incidents in Polish cyberspace.”

The Deputy Prime Minister's recommendations include primarily a review of the IT infrastructure, with particular emphasis on the solutions provided by EuroCert and data processed by the company. – The analysis is intended to identify potential security gaps that could be exploited by cybercriminals – Gawkowski pointed out.

He also recommended immediately blocking remote access and cutting off infrastructure connections with EuroCert, which is to prevent unauthorized access to systems. “System logs (all activities in the system – ed.) should also be analyzed, starting from November 1, 2024,” the announcement said. This will allow you to detect cases of unauthorized use of service accounts or inter-system connections.

“Another recommendation is to change the credentials for all accounts and systems related to EuroCert, i.e. update login data. Two-factor authentication for external accounts should also be implemented,” we read in the message. It was also recommended to be more vigilant against cybercriminals who may try to impersonate EuroCert and thus extort information. Gawkowski also advises conducting a risk analysis of the use of qualified signatures and seals provided by EuroCert, in particular in public administration entities.

“Any suspicious incident should be immediately reported to the appropriate CSIRT,” it was noted. This can be done via the website incident.cert.pl. Suspicious SMS messages can be reported to 8080.

The Ministry of Digitization announced on Friday on the X platform that “the incident is not related to the operation of the State Register System (SRP).”

“This system combines, among others, the PESEL Register, the Identity Card Register, the Passport Documents Register, the Civil Status Register and the Central Register of Voters” – informs the Central Information Technology Center (COI). It was added that SRP is used by offices and enables, among others, keeping population records; handling matters related to the issuance and invalidation of identity cards and passports; organization of elections and referenda.

The ransomware attack on EuroCert occurred on January 12. As Gawkowski said on Friday, the analysis of the attack is ongoing and is being conducted by CSIRT NASK in cooperation with the Central Office for Combating Cybercrime, other national CSIRTs and the Ministry of Digitization.

The case was also reported to the Personal Data Protection Office, which the president (PUODO) confirmed in a statement on Friday. “The case is currently being analyzed by the Office and the data controller itself. PUODO is waiting for a supplementary notification from the personal data controller,” he said.

As a result of the attack on Eurocert, which the company announced earlier in the announcement, personal data of the company's clients, contractors and employees were leaked, such as: identification data, contact details (e-mail address, telephone number), PESEL numbers, names and surnames, dates birth, ID card data (series and number), as well as images, usernames and passwords.

Gawkowski reported on Friday that during the meeting of the Joint Cybersecurity Operations Center it was determined that, in addition to personal and access data, concluded contracts and information about ongoing projects could also have been leaked. The minister also said that a meeting of the Critical Incidents Team had been convened in connection with the attack.

EuroCert has been operating on the market since 2012 and is one of five companies in Poland that provides qualified trust services based on the status granted to it by the National Certification Center of the NBP, which the company writes about in its social media. It offers, among others: electronic signatures, seals and timestamps. It provides services throughout the country in direct sales, online sales, and through a network of nearly 400 authorized partners. According to her, her clients include public entities and companies, including: The Capital City of Warsaw, Polish State RailwaysPoczta Polska, Scania, Warbud, IBM.