Cyber Incident Victim: Slovak Chamber of Commerce

On December 19, 2016, the Slovak Chamber of Commerce (scci.sk) suffered a data breach perpetrated by the hacker known as Kapustkiy. The attacker exploited an SQL injection vulnerability in the organization’s website, gaining unauthorized access to a database containing records for over 4,000 users. Compromised data included real names, email addresses, phone numbers, and encrypted passwords. Kapustkiy publicly disclosed the stolen information on Pastebin, accompanied by a statement claiming the breach was intended to demonstrate security weaknesses in government-affiliated websites. The hacker reported scanning the internet for government targets and selected the Slovak Chamber of Commerce without specific motive beyond its governmental association and inadequate security posture. Kapustkiy asserted attempting to notify administrators of vulnerabilities two days prior to the breach but receiving no response, framing the incident as an effort to compel improved cybersecurity practices through demonstrating breach consequences.

The breach exposed sensitive personal information of thousands of individuals affiliated with the Chamber, with encrypted passwords posing potential secondary risks if decryption methods were available. Kapustkiy concurrently disclosed membership in the New World Hackers collective, identifying as a researcher and penetration tester for the group. This incident formed part of a broader pattern targeting governmental entities globally, including recent breaches of the Russian Federation’s Embassy consular department, Argentina’s Ministry of Industry, Ecuador’s National Assembly, and multiple embassies. Slovakia’s Computer Emergency Response Team (CERT) acknowledged the incident on December 20, 2016, prompting the Chamber to take its website offline for maintenance. No additional remediation details or statements from the Chamber were provided in the source material, leaving the full scope of containment measures undocumented.