The National Crime Agency (NCA) and Information Commissioner’s Office (ICO) are investigating a serious development in the data breach involving gun-selling website Guntrader.
The breach was revealed to the world in July, and it affected more than 100,000 customers, after hackers compromised a SQL database powering both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, The Register reported.
But now an animal rights activist has allegedly acted in an irresponsible manner, and formatted the data so it could be easily imported into mapping software in order to show the homes addresses of British gun owners.
The UK has some of the strictest gun licensing laws in the world, and there are also strict rules governing how guns are stored at a person’s home.
This can include using a gun safe or gun cabinet to store firearms.
As domestic gun rules are so tough, criminals in the UK sometimes go to great lengths in order to obtain firearms.
According to The Register, last week an unidentified animal rights activist’s blog leaked the stolen data including the names and home addresses of 111,295 British firearm owners.
The activist blog had provided a hyperlink to a Google Earth-compatible CSV file that pinpointed which domestic homes are likely to be storing a firearm.
The reformatted Guntrader database was explicitly advertised as being importable into Google Earth, so people could “contact as many [owners] as you can in your area and ask them if they are involved in shooting animals.”
Besides the names and home addresses of gun owners, the data also reportedly included postcodes, phone numbers, email addresses and IP addresses in the Google Drive-hosted CSV file.
The Register did not identify the animal rights blog in question, which had provided a link to the CSV file, but did report that the clearnet site was hosted in Iceland.
The South West Regional Cyber Crime Unit as well as the National Crime Agency are both said to be investigating.
“The NCA is aware that information has been published online as a result of a recent data breach which impacted Guntrader,” a National Crime Agency spokesman told the Register. “We are working closely with the South West Regional Cyber Crime Unit, who are leading the criminal investigation, to support the organisation and manage any risk.”
“We are aware of a potential change in the Guntrader Ltd incident and we will be making enquiries,” the Information Commissioner’s Office told the Register.
Google has reportedly removed the CSV file from Google Drive that was linked to, from the activist’s blog.
One security expert noted the nature of the leaked material does present a higher degree of danger, compared to the typical data normally associated with other data breaches.
“Leaked data is something we are becoming rather accustomed to, but the particular nature of this information comes with a far higher degree of danger,” noted Jake Moore, cybersecurity specialist at ESET.
“The potential combined impact of the personal data compromised is far more severe than most other data breaches,” said Moore. “Usually, stolen data is copied and either sold or distributed accordingly to those who value the credentials – all of which can be digitally damaging.”
“However, with information attached to locations of weapons, it ramps up the seriousness to a potential life threatening level,” said Moore. “This is a perfect example of where digital crime can cross over with physical crime, and the two combined can have an even greater impact.”
“Much like the importance of regulations on storing guns safely, sensitive information needs to be carefully guarded,” said Moore. “The way this data was stored clearly requires an overhaul: it is imperative to ensure better protection is provided in future.”