Interior Minister Davor Bozinovic said on Monday that an investigation was underway into how the data of vehicles and their owners was leaked to the public. He emphasised that this did not happen in his ministry and that the data was not publicly accessible.

The daily Vecernji List reported on Sunday evening that it was in possession of a document on a report to the Security Intelligence Agency (SOA) on the leaking of information on 2,444,587 vehicles belonging to 1,195,052 natural persons, such as names, addresses, personal identification numbers, dates of birth and registrations, as well as other data on vehicles and their insurance policies.

Bozinovic said that the Interior Ministry launched an intensive investigation on Thursday afternoon after being informed by the SOA that it was most likely data-related offences, adding that the Agency for the Protection of Personal Data (AZOP) has also launched an investigation.

The data in question is additional data to that collected by the Ministry of the Interior, he said.

“It is data that the Ministry of the Interior neither collects nor processes, which indicates that the unlawful act was probably committed in one of the institutions that have the right under relevant agreements and laws to use data collected in its original form by the Ministry of the Interior,” Bozinovic said.

“This was not a case of unauthorised access to virtual databases, but something else”

“We cannot yet comment on the nature of this criminal act, but at the moment there is nothing to suggest that the data was leaked online to make it accessible to a large number of people,” Bozinovic said, pointing out that it was important that “the data is not in the public domain.”

It could not be described as a classic hacker attack, as it was not a matter of unauthorised access to virtual databases, but something else, he said.

“We suspect that the data was transferred to a device, a USB stick, which is why it has not yet been distributed and is not accessible to a large number of people,” said Bozinovic.

It is up to the police to find out who has databases with the specific data, “which is different from the data originally compiled by the Interior Ministry”, and to find the perpetrator, he said.

SOA confirms that the data was not obtained through a cyber attack

“The General Data Protection Regulation applies to all natural and legal persons, the AZOP is responsible for monitoring the use and possible misuse of citizens’ data and I am confident that by working together we will get the answers we are looking for,” the minister said.

The Security Intelligence Agency (SOA) has confirmed to N1 Zagreb that the data on vehicles and vehicle owners in Croatia whose leaks were reported to them were not hacked, i.e. they were not obtained through a cyber attack on the information system on which the database is located.

“It was the unauthorised creation and presentation of copies of the database by persons who had access to the said information system,” the SOA said.