Hungary Opens Investigation After Massive Mediaworks Data Leak Surfaces on Dark Web

Key Takeaways

• Hungarian Investigation Launched: Hungary’s National Authority for Data Protection and Freedom of Information has opened an ex officio investigation into the reported Mediaworks Hungary data leak.
• Millions of Files Reportedly Stolen: According to press reports cited by the authority, hackers allegedly obtained nearly 15 million files totaling approximately 8.5 terabytes of data.
• Sensitive Personal Data Exposed: The leaked material reportedly includes names, addresses, bank account details, and other documents containing personal data.
• Regulator Warns Media and Public: Authorities urged media organizations not to publish links or information enabling access to the leaked data and warned that further storage or use of the unlawfully disclosed personal data could also be unlawful.
• GDPR Obligations Still Apply: The authority emphasized that the public availability of leaked data does not make subsequent processing or publication lawful under GDPR requirements.

Deep Dive

Hungary’s data protection authority has opened an investigation into a major reported data leak involving Mediaworks Hungary Zrt., after hackers allegedly stole and published millions of files containing sensitive personal information on the dark web.

In an announcement issued this week, Hungary’s National Authority for Data Protection and Freedom of Information said it became aware through press reporting that a hacker group had illegally obtained nearly 15 million files, amounting to roughly 8.5 terabytes of data, from Mediaworks Hungary’s systems before making the material publicly available online.

According to the authority, the leaked files reportedly include documents containing significant volumes of personal data, including names, addresses, and bank account details. The dataset is also said to contain information categorized as data of public interest and data public on grounds of public interest.

While the full scope and circumstances of the incident remain under review, the regulator said the conduct described in the reports may constitute unlawful processing of personal data under applicable data protection rules. The authority confirmed it will launch an ex officio investigation and determine what additional measures may be necessary once the inquiry progresses.

The announcement did more than signal regulatory scrutiny for the breach itself. It also served as a broader warning about how leaked personal information is handled after it enters public circulation.

Citing its earlier position in connection with the Tisza Party data protection incident, the authority urged media organizations covering the breach to avoid publishing information that would allow readers to locate or access the unlawfully disclosed personal data online.

The regulator emphasized that obligations under the EU’s General Data Protection Regulation continue to apply even when data has already been exposed elsewhere. Media service providers, it said, remain individually responsible for ensuring the legality of the content they publish.

“Their data processing is not made lawful by the fact that someone has already made the personal data public,” the authority stated.

The warning extended beyond newsrooms. The authority also cautioned the public that any further storage or use of unlawfully disclosed personal data could itself be considered unlawful.

Authorities are paying closer attention not only to the attackers responsible for obtaining the data, but also to how compromised information is subsequently shared, republished, or archived once it appears on public or semi-public platforms.

For now, Hungarian regulators appear focused on containing that downstream spread while determining the full implications of the Mediaworks incident and whether further enforcement action will follow.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.