1. Anyone who, by any means, without authorization and in a serious manner, erases, damages, deteriorates, alters, suppresses, or renders inaccessible computer data, computer programs, or electronic documents belonging to others, when the resulting harm is serious, shall be punished with a prison sentence of six months to three years.
2. A prison sentence of two to five years and a fine of one to ten times the amount of the damage caused shall be imposed when any of the following circumstances apply to the conduct described:
1. It was committed within the framework of a criminal organization.
2. It caused particularly serious damage or affected a large number of computer systems.
3. The act seriously impaired the operation of essential public services or the provision of basic necessities.
4. The acts affected the computer system of critical infrastructure or created a situation of serious danger to the security of the State, the European Union, or a Member State of the European Union. For these purposes, critical infrastructure shall be considered any element, system, or part thereof that is essential for maintaining vital societal functions, health, safety, security, and the economic and social well-being of the population, the disruption or destruction of which would have a significant impact by preventing the continuation of its functions.
5. The offense was committed using any of the means referred to in Article 264 ter.
If the acts were of extreme gravity, the next higher penalty may be imposed.
3. The penalties provided for in the preceding paragraphs shall be imposed, in their respective cases, in their upper half, when the acts were committed through the unlawful use of another person's personal data to facilitate access to the computer system or to gain the trust of a third party.