Data leaks and cyberattacks are becoming more frequent in Southeastern Europe. One of the most recent examples is a data breach from Albania, which compromised the personal data of several thousand Albanian citizens. This is not the first data breach in the country either; a similar incident took place shortly before the April elections. These facts require the review of existing measures to protect personal information, improve cybersecurity strategies and understand the role of the different sectors involved in data protection.
By the end of this month, a database with “private information on… wages… jobs, names of employers and identification numbers of some 630,000 [Albanian] citizens, both from the public and private sectors ”began to circulate online, reports Balkan Insight. A similar database was distributed in April, containing “private information and comments on political preferences.”
The leaked data itself can be sold on the black market “for between $ 1 and $ 5 per record, depending on the information you have” on each person, leading to identity theft, according to Exit News Albania. The data can then be used to access personal accounts and social networks, or “by private companies that wish to target people for advertising, monitoring, targeting social networks and more.”
Affected people are at risk as long as the data is openly available. Fabian Zhilla, a Tirana-based security expert, told Balkan Insight that with these data breaches, “the public loses trust in public institutions and the loss of trust is directly related to the cooperation that citizens should have with the institutions “. If this threat is not addressed, “citizens will be exposed and blackmailed and this includes employees of important state institutions.”
An IT expert told Exit that Albania “must renew the identifications of all people if it wants to build trust in public institutions, despite the enormous associated costs.”
Enri Hide, a security expert and professor at the European University of Tirana, called the leak “an open threat to national security”, adding that it “shows the weaknesses of Albania’s cybersecurity infrastructure.” [and a] lack of a response plan in such cases ”. The consequences have implications not only for the people, but also for the private sector, the military, national intelligence and security. “Cybersecurity must be taken seriously [via new strategies and] a clear protocol of what should happen if we have such leaks, ”says Hide. While the country has cybersecurity strategies in place, there are still gaps to be addressed, including the lack of a robust response to the breach, and the data breach demonstrates the urgency of the need to address those shortcomings.
Several Albanian government officials have provided comments on the matter. The opposition Democratic Party condemned the “extraordinary scandal” and accused the socialist government of failing to protect citizens’ private data, while Prime Minister Edi Rama called it “an attempt to create confusion and foster instability.” Meanwhile, a firm response to the data breach has yet to be given. Rather than focusing on their disagreements, Albanian political groups should focus on addressing the causes of this data breach and the possibilities for other forms of attack and protecting the country from further data breaches.
There is no single factor that creates cybersecurity deficiencies in the country, but points to consider include the level of cooperation between national institutions addressing these issues, current strategies, and cybersecurity development in neighboring countries. Given the levels of connection between Albania and its regional partners, partly due to globalization, any vulnerable link in one country can put the rest of the region at risk. Even if Albania has stronger cybersecurity strategies than its neighboring countries, it is still at risk. Therefore, a possible solution to the data breaches in Albania is to increase cooperation and strategies between the countries of the region. This allows for cooperation on similar goals and the advancement of more robust strategies that can be promoted and revised as needed. In addition, cooperation between national institutions and the public and private sectors will be beneficial to promote and further develop cybersecurity strategies, such as the 2020-2025 plan.
Zhilla also suggests setting up “a commission. . . at the ministerial level, perhaps with the request of Parliament to make a better assessment of the protection protocol, the measures related to the status quo of the infrastructure that official institutions have today to protect personal data ”.
These strategies will not make Albania or Southeastern Europe immune to data breaches, but should they occur, they would serve as additional preparedness and mitigation measures.
These data leaks have consequences, not only for national security, but for Albanian society as a whole. The effects of the leaks in both the public and private sectors require additional cooperation between these sectors, together with national agencies working on these issues. This cooperation will enable coordinated responses to mitigate data breaches, protect citizen data, and assess risks to understand what needs to be done.