Digital ID provider has data hacked and sold on Dark Web

French company Thales, a leader in Digital ID solutions to governments for their citizens, has admitted that its data has been hacked and sold on the Dark Web.

The company announced on November 10 that “data relating to the group has been released” on the platform of the hacker group known as LockBit 3.0.

“On November 10, 2022, an extortion and ransomware group (LockBit 3.0) released on its publication platform data pertaining to Thales Group,” a Thales statement said.

“At this stage, Thales is able to confirm that there has been no intrusion of its IT systems.

“Thales is working closely with its partner and is providing all of the necessary technical support and resources to minimize any potential impact to concerned customers and stakeholders.
​
“The Group remains vigilant towards any data theft, systematically mobilizing our teams of security experts, as data security of any of our stakeholders is our utmost priority.”

Promotional video claimed it was ‘safe and secure’

Thales is at the forefront of Digital IDs that are imposed on the public by governments for matters like vaccination status, storing medical records and verifying one’s identity among other features.

The French company has previously insisted that its Digital ID wallet is safe and secure when it comes to personal data.

In a promotional video of its Digital ID wallet, in reference to the hypothetical citizen in the campaign, it said:

“I protect her identity and official credentials wherever she goes, I provide secured access to public and private services and allow her to have full control over her data privacy. In other words, I give the right access to the right data to the right person.”

Yet this data leak provides an insight into the troubles that come with Digital IDs, especially when they are being pushed across the world as a necessity to partake in fundamental daily practices.