Massive Data Leaks in Albania Pose Public Security Question

Illustration. Photo: EPA / ROB ENGELAAR

A database circulating online containing private information on the salaries of Albanian citizens, and another with private information and comments on political preferences that circulated in April, have raised concerns about public safety in the country.

Tirana prosecutors began verification hours after a massive data breach of citizens’ private information began circulating online, initially via “WhatsApp”. The data contains the salaries, jobs, names of employers and identification numbers of some 630,000 citizens, both in the public and private sectors.

The opposition Democratic Party condemned “an extraordinary scandal” and accused the socialist government of failing to protect the private data of citizens.

The leaked Excel file contained citizens’ salaries for the month of January, while another that began circulating on Thursday contained salaries for April.

On Thursday, Prime Minister Edi Rama called it “an attempt to create confusion and foster instability,” which also implies that the destabilization efforts come from the country’s divided opposition.

Enri Hide, a security expert and professor at the European University of Tirana, called it “an open threat to national security” and added that “the institutional reaction” is by no means serious and proportionate to the degree of risk. “

“First, it shows the weaknesses of Albania’s cybersecurity infrastructure. Second, it shows the lack of a response plan in such cases, ”Hide told BIRN.

When asked if a specific group of people, such as Intelligence or the Army, are more threatened than others, Hide said the exposure “has extremely serious consequences for Intelligence” and the military.

“The long-term consequences for the Intelligence and Security and Defense system are: 1. Use of data by foreign actors to monitor the sector’s payment system. 2. Now that this level is being clarified, foreign intelligence agencies may try to ‘intervene’ or try to ‘offer rewards’ to actors in key / sensitive positions, “he told BIRN.

He added that the private sector was also at risk by making citizens vulnerable to blackmail.

“Cybersecurity must be taken seriously. We need a strategy based not on letters but on modus operandi. We need a clear protocol of what should happen if we have such leaks. There are none and it’s a shame, “he said.

Fabian Zhilla, security expert based in Tirana, said that the leak of the database with the private information of citizens’ data, “the public loses trust in public institutions and the loss of trust is directly related to the cooperation that citizens must have with the institutions: ”. If this threat is not addressed, “citizens will be exposed and blackmailed and this includes employees of important state institutions.”

“If we talk about protection of personal data, there is no doubt that the bodies that are in charge of monitoring all the servers of public institutions, such as the National Agency for the Information Society, AKSHI, must have a protocol and if there is no protocol … AKSHI should definitely establish a working group to make an evaluation of preventive measures, but also measures in case of information leaks and how it can be managed in real time to prevent their spread in public “, Zhilla told BIRN.

It confirmed that employees of the secret services, intelligence services, military intelligence units and counter-terrorism units were at particular risk.

“It is very important that a commission be set up at ministerial level, perhaps with the request of Parliament to make a better assessment of the protection protocol, the measures related to the status quo of the infrastructure that official institutions have today to protect personal data. ”He added.

According to the National Cybersecurity Strategy 2020 -2025 “any government infrastructure under the administration of AKSHI, ISO 27001 standard policies are applied.”

In April 2021, a few days before the elections in the country, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was drawn from state institutions and used for electoral purposes.

The database, which BIRN has seen, contained some 910,000 entries, including names, addresses, dates of birth, personal identification cards, employment information and other data.

The Socialist Party denied wrongdoing and insisted that the information was collected in door-to-door surveys. The case is still in the prosecution.

Leave a Comment