BERLIN (AP) — A German student has admitted to obtaining and publishing online hundreds of politicians’ and celebrities’ data and told investigators that he acted alone, authorities said Tuesday.
The 20-year-old, who wasn’t identified in line with privacy regulations, lives with his parents and is still at school, said Georg Ungefuk, a spokesman for the Frankfurt prosecutors’ office that specializes in internet crime.
Investigators searched his apartment in central Hesse state on Sunday evening before detaining and questioning him. He has no previous convictions and appears to regret his actions, Ungefuk said at a televised news conference in Wiesbaden.
Authorities say almost 1,000 people were affected by the data breach. In most cases, the information made public was limited to basic contact details, but in up to 60 cases more extensive personal data was published. It was posted via Twitter before Christmas, but only came to most people’s attention on Thursday night.
The information appeared to include data on members of all parties in parliament except those from the far-right Alternative for Germany party.
Ungefuk said the suspect told investigators that “he acted out of annoyance at public statements by the politicians, journalists and public personalities involved.” He said, however, that the search of his apartment didn’t immediately turn up “objective indications of any particular political motivation.”
He “said that he acted alone in illegally obtaining data and then publishing it,” Ungefuk said. Investigations so far have produced no evidence that anyone else was involved, he added.
The suspect was released Monday for lack of legal grounds that would justify keeping him in custody, such as a risk of collusion or flight risk.
He could face charges of illegally obtaining data and handling stolen data, which can carry a sentence of up to three years in prison for adults. However, this case is being considered under juvenile law, which carries lesser sentences, and Ungefuk noted that the suspect has cooperated with investigators, and helped them recover data he deleted after the case became public.
It wasn’t immediately clear when the hacking started.
Investigators say the suspect also collected publicly available information on the politicians, journalists and others to the data — which included telephone numbers, addresses, credit card details, photos and communications — and published the material using links posted on Twitter accounts including one with the handle “G0d.” The account was suspended on Friday.
Questions have been raised about the way the data breach was handled by Germany’s IT security agency, after it emerged that it was made aware of it weeks before the extent of the data collection became clear on Thursday.
The IT security agency has acknowledged that it was approached by one lawmaker about suspicious activity on his private email and social media accounts in early December, but said it believed at the time his experience was a one-time case.