Israel nabs source of leak of 9 million personal details

An Israeli government contractor is suspected to be behind a leak that led to the personal details of every single citizen in Israeli being posted on the internet, the country’s Justice Ministry has revealed.

The Israeli Law, Information and Technology Authority (ILITA), which investigated the case, found the data was leaked in 2006 by a person contracted to the Ministry of Welfare and Social Services. The employee had access to the country’s Population Registry through that job, the data protection agency said.

The personal and family details of over nine million people, some of whom are now dead, were contained in the database. The sensitive details included information on family relationships, addresses, dates of birth and personal identification numbers, among other details.

The contractor kept the database on a computer at home and used official bulletins to keep it updated. After being dismissed by the ministry, the contractor gave the data to a business client, who also stored the details on his own computer.

After that, the data changed hands several times over many months. It fell into the hands of a developer who created software called Agron 2006, which could be used to perform sophisticated queries on the data. The database was eventually uploaded to the peer-to-peer networks by a man named ‘Ari’, who used IP masking and other methods to try to keep his identity hidden, ILITA said. Undercover agents from the agency have endeavoured to remove copies of the registry from the internet, Haaretz said.

Over the course of the investigation by Israeli authorities, six people were arrested, including the former government employee and ‘Ari’. All six are barred from leaving the country, according to the Jerusalem Post.

The suspects defended their actions to Ynetnews, saying that the database was so widely used that they did not realise it was illegal to have a copy.

In June, an Israeli parliament meeting authorised protocols for establishing a biometric database. Security experts and civil rights groups have questioned the planned database, saying it could be open to abuse. People’s biometric information, such as fingerprints, cannot easily be replaced or renewed if compromised.

Get the latest technology news and analysis, blogs and reviewsdelivered directly to your inbox with ZDNet UK’snewsletters.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s