May 12, 2008, 8:26 PM — An anonymous hacker has posted personal data about 6 million Chilean residents
on the Internet, highlighting wider privacy problems in the country.
The data was posted early Saturday morning on Fayerwayer.com,
a popular Chilean technology blog.
The hacker, who calls himself "Anonymous Coward," posted three compressed
files of data that included names, addresses, telephone numbers and taxpayer
identification numbers for Chilean residents, said Leo Prieto, Fayerwayer.com's
director.
A site editor spotted the data, posted in Fayerwayer's comments section, at
2 a.m. local time on Saturday. He immediately removed the files and contacted
Chilean police, who responded two hours later, Prieto said.
But over the following days the files started popping up on other sites including
Google's Blogger, Prieto said. "There's never been anything like this,"
he said. "People are alarmed."
In a note accompanying the files, Anonymous Coward said he posted the databases
to draw attention to the poor data protection measures in the country of 16
million people.
The files include tips on what to do with the data and how best to access it.
"If you're going to extract data from a server, it's recommended to make
a script that doesn't connect directly to the server, but rather via [anonymous
proxies]," the hacker wrote.
Anonymous Coward also claimed that the files include information on the daughter
of Chilean president Michelle Bachelet. "Bachelet's daughter has a school
pass, although it's not given to many people because their parents have earnings
above a certain threshold," he wrote.
The data breach has been front page news in Chile, where it was first reported
Sunday by the newspaper El Mercurio.
The publicity has focused the country's attention on both government IT security
and also the country's lax privacy laws. For example, Chile's department of
elections sells
voter data including gender, name, address, nationality, date of birth,
and information on disabilities.
Voter registration information is also sold in the U.S., but it can be used
only for political purposes. In Chile there is apparently no such restriction.
Before his site became the center of this public firestorm, Prieto said he
had no idea that his data could be sold. "There's no such thing as private
information in Chile," he said.
(Juan Carlos Perez in Miami contributed to this report.)
