The overview about cybercrime presented by the Federal Police of Germany in 2021, registered an increase in the cases of data espionage and data theft by 38.6%. Sensitive data was often obtained through exploiting IT security vulnerabilities at companies and then either distributed through Pastebin sites or in areas of the internet with limited access (such as closed forums, deep- and dark net). The people impacted by these leaks can suffer massive damage to their reputation, finances, and overall privacy.

The research consortium found a possibility for companies and individuals to check their data for the impact of data leaks in the BMBF funded preceding project EIDI. This enabled data privacy conformant warnings to companies directly impacted by the leak.

The previous project, however, lacked, among other things, a possibility to anonymously and securely upload found datasets into the EIDI system. Reports about data leaks, datasets discovered by IT-Security researchers (white hats) as well as whistleblowers from inside companies regularly lead to criminal investigations against them and categorical denial of a breach by companies. This suggests an anonymous ingestion of data is preferable. A quick and effective analysis of data leaks can result in an increase in data sovereignty for both companies and individuals. Further, such an anonymous ingestion of data is in the spirit of the newly enacted national whistleblowing law (HinSchG, national implementation of the EU Whistleblowing Directive) as well as the future reporting requirements under the EU Cyber Resilience Act (CRA-E).

The project will conceptualize and test processes and tools that enable the extraction of personal identifiable information (PII) from uploaded datasets and their transformation into a suitable schema and format. The objective here is the development of an approach which can be applied in different scenarios. This includes considering interfaces to existing project spin-offs (e.g. identeco GmbH & Co KG) early on, to consider potential follow on usage early on. Because of the different nature of various data leaks, the supported data types should be as heterogeneous as possible. The effective processing of the identified information is made possible through the development and usage of a suitable data scheme. The extracted information is processed in accordance with data privacy regulations and is further used to allow comparison with existing datasets.

The objective is to recognize partial or complete overlap with existing datasets and to achieve a qualified statement about the source of the analyzed dataset in full or of its parts. Predefined threshold values and indicators allow the generation of specific warning messages for affected consumers and companies.

The conceptualization of a technical interface for the ingestion of unstructured leaked data combines various preexisting and tried aspects of previous research in an innovative manner and develops them further as needed. The desired analysis allows for probabilistic assessments of the analyzed information as to its allocation to existing datasets based on its makeup and features. The identification of acceptable parameters for comparison and especially combinations of parameters which can be used for comparison, extends the existing deterministic comparisons from previous research. Because of these special features, the data escrow module is exceptional in comparison to national or international approaches for the checking of identity data.

The makeup of the data escrow module is innovative and improves data sovereignty as well as the applicability of data subjects’ rights under the GDPR and DGA. For companies, the concept of the data escrow module can establish and complement effective processes in relation to reporting obligations about security incidents.