According to FayerWayer’s Director, Leo Prieto, the hacker posted three compressed files in the comments section of the website at 2am local time on Saturday. The files included the home addresses, telephone numbers, identity card numbers, email address and the academic records of 6 million Chileans.
A note contained within the files explained that the stunt was carried out to demonstrate the low level of IT security in Chile and how little work was being done to protect the data of the country’s 16 million residents. Similar to the US, the Chilean department of elections sells voter data including information on gender, name, address, nationality, date of birth, and disabilities. However, while this kind of information can only be used for political reasons in the US, Chile apparently doesn’t enforce that kind of restriction.
The hacker also reportedly claimed that the files contained academic information on the daughter of Michelle Bachlet, the country’s president,
"Bachelet’s daughter has a school pass, although it’s not given to many people because their parents have earnings above a certain threshold,"
The posted data appears to have been stolen from sites run by the state-owned electoral agency, and Chile’s Education Minister and state-run telephone services however the head of the Electoral Service, Juan Garcia, insists the their database is "intact, secure and protected", claiming the information from his agency that appeared on the Internet was not confidential and available to the public upon request. The information remained on FayerWayer for just a few hours but reports say that even after it was removed it began cropping up on other websites.
The attack comes not too long after the Italian tax office released the tax details of Italian residents in an effort to reduce tax evasion on it’s website. The government said they hoped it would create an atmosphere of transparency with accessible circulation of information. Listed information included names, addresses, dates of birth, declared income and taxes paid.
The information was pulled from the site after Italian privacy and consumer groups contested that it was a violation of state privacy laws.