What are considered data phishing sites and content infected with viruses, spyware or worms?

Last updated: 22 December 2023

Submit report

Illustration: data phishing sites and content infected with viruses, spyware or worms

Here, reports can be made of websites where users’ personal information, for example user name and password or bank card number, is requested to be provided with the presumed aim of misusing such data to the detriment of users.

This category includes websites that are presumably operated with the aim of collecting personal information from users and misusing it. Content that enables the spread of with viruses, spyware or worms are also fall in this category.

Phishing websites are typically designed to obtain information such as user names and passwords, social security numbers, bank account numbers, PIN numbers, credit card numbers, users’ birth dates and mothers’ maiden names.

It is important to note that unsolicited electronic mail (spam) does not fall within the competence of the Hotline and the National Media and Infocommunications Authority has a separate form for reporting spam, available at https://e-nmhh.nmhh.hu/e-nhh/4/urlapok/esf00101/.

Act C of 2012 on the Criminal Code

Misuse of Personal Data

Section 219

(1) Any person who, in violation of the statutory provisions governing the protection and processing of personal data and the provisions set out in binding legislation of the European Union:

a) is engaged in the unauthorized and inappropriate processing of personal data; or

b) fails to take measures to ensure the security of data;

with gainful interest or thus causing a significant injury of interest is guilty of a misdemeanor punishable by imprisonment not exceeding one year.

(2) The penalty in accordance with Subsection (1) above shall also be imposed upon any person who, in violation of the statutory provisions governing the protection and processing of personal data and the provisions set out in binding legislation of the European Union, fails to notify the data subject as required with a view to exercising his rights of access, and thereby imposes significant injury to the interests of another person or persons.

(3) Any misuse of personal data shall be punishable by imprisonment not exceeding two years if committed in connection with special data or personal data from criminal records.

(4) The penalty shall be imprisonment not exceeding three years for a felony if the misuse of personal data is committed by a public official or in the course of discharging a public duty.

 

Illicit Access to Data

Section 422

(1) Any person who, for the purpose of unlawfully gaining access to personal data, private secrets, trade secrets or business secrets:

a)  covertly searches the home or other related premises, or the confines attached to such, of another person;

b)  covertly monitors or records the events taking place in the home or other related premises, or the confines attached to such, of another person, by technical means;

c)  covertly opens or obtains the postal consignment or other sealed consignment which belongs to another, and records such by technical means;

d)  intercepts communications, by way of electronic surveillance of electronic communications networks or equipment, so as to secretly gain access to communications through information systems, and record its findings using technical devices;

e)  secretly gains access to data stored in information systems, and record its findings using technical devices;

is guilty of a felony punishable by imprisonment not exceeding three years.

(1a) Any person who, for the purpose of unlawfully gaining access to personal data, private secrets, trade secrets or business secrets:

a)  covertly searches any premises or domain other than public areas with unrestricted access and areas which are open to the general public, as well as motor vehicles, with the exception of means of public transport, and any property that belongs to another person,

b) monitors or records the events taking place in any premises or domain other than public areas with unrestricted access and areas which are open to the general public, as well as in motor vehicles with the exception of means of public transport, by technical means shall be punishable in accordance with Subsection (1).

(2)  Any person who is engaged in gathering information with intent to uncover the identity or the activity of any person who covertly cooperates with an undercover detective or an organization authorized to conduct covert information gathering operations or to use covert means, shall be punishable in accordance with Subsection (1).

(3) Any person who discloses or uses any personal data, private secret, trade secret or business secret obtained by way of the means described in Subsections (1)-(2) shall be punishable in accordance with Subsection (1).

(4) The penalty shall be imprisonment between one to five years if illicit access to data under Subsections (1)-(3) is committed:

a) by the unlawful impersonation of an authority;

b) on a commercial scale;

c) in criminal association with accomplices; or

d) causing a significant injury of interests.

Breach of Information System or Data

Section 423 

(1) Any person who gains unauthorized entry to an information system by compromising or defrauding the integrity of the technical means designed to protect the information system, or overrides or infringes his user privileges is guilty of a misdemeanor punishable by imprisonment not exceeding two years.

(2) Any person who:

a) disrupts the use of the information system unlawfully or by way of breaching his user privileges; or

b) alters or deletes, or renders inaccessible without permission, or by way of breaching his user privileges, data in the information system;

is guilty of a felony punishable by imprisonment not exceeding three years.

(3) The penalty shall be imprisonment between one to five years for a felony if the acts defined in Subsection (2) involve a substantial number of information systems.

(4) The penalty shall be imprisonment between two to eight years if the criminal offense is committed against works of public concern.

(5) In the application of this Section ‘data’ shall mean facts, information or datum stored, controlled, processed and transmitted in information systems in all forms which allows them to be processed in information systems, including those programs designed to execute certain functions by the information systems.

Compromising or Defrauding the Integrity of the Computer Protection System or Device

Section 424

(1)  Any person who, for the commission of the criminal offense defined in Section 375, Paragraph d) of Subsection (1) of Section 422 or in Section 423:

a) creates, transfers, supplies, obtains or places on the market passwords or computer programs required therefor or facilitating thereof; or

b) offers his economic, technical and/or organizational expertise to another person for the creation of passwords or computer programs required therefor or facilitating thereof;

is guilty of a misdemeanor punishable by imprisonment not exceeding two years.

(2)  In the case of Paragraph a) of Subsection (1), any person who confesses to the authorities his involvement in the creation of any password or computer program required for the commission of the criminal offense, or facilitating thereof, before the authorities learned of such activities through their own efforts, and if the person surrenders such produced things to the authorities and assists in the efforts to identify the other persons involved, shall not be prosecuted.

(3) For the purposes of this Section ‘password’ shall mean any identifier comprised of a string of alphanumeric characters, codes, biometric data or the combination thereof, designed to gain entry into an information system or any segment thereof.