SIAE ended up in the crosshairs of a ransomware group. Computers have not been locked, no servers encrypted with indecipherable keys, yet 60 GB of personal data which also includes all contracts with authors and all data relating to payments have been stolen from the servers.
This is 60 GB of data that we have had the opportunity to verify, and for which the group has also published a series of samples, which we show below obviously censored to protect privacy.
SIAE, contacted by us, confirms the matter and specifies that they only learned of what happened yesterday, and that the Privacy Guarantor and the competent bodies to which the complaint was filed were promptly notified.
At the moment no track is excluded: it could be an attack from the outside, through some bugs, or an attack that has also had some “internal” help. The investigations have just started, and in the next few hours SIAE will obviously notify all those involved in the personal data theft.
The group asked for an unspecified ransom in order not to make the stolen data public, but SIAE confirmed that has no intention of paying: the risk, in these cases, is that the data will be made public even after paying the ransom.
A huge problem not so much because it is the umpteenth case of computer piracy that affects an Italian body, but also because the SIAE holds a series of data that can potentially detonate a bomb.
From artist royalty payments to the list of companies that pay fair compensation for private copying with important or sold product numbers. Material that no one would have wanted public, and which now risks ending up online everywhere.