Mores than twenty four hours after it was discovered that thousands of documents Maltese citizens submitted to the Lands Authority were shared on the internet the same Authority, according to timesofmalta.com, released a statement saying that the mistake was identified and rectified. This notwithstanding visitors to the website of the Lands Authority told Newsbook.com.mt that the site is still not accessible.
The statement explains that to their knowledge, ‘There does not appear to be any foreign, third-party or outside infiltration’ which resulted in personal data becoming available available online.
The Lands Authority says that the information that could be found by Google Search was ‘limited data’ that applicants would provide via their online application procedure.
However the authority then explains that those making out applications would need to fill a check box disclaimer, acknowledging that by law, that their information would be open to ‘public inspection’.
The statement as published by timesofmalta.com does not give no indication that the applicants were at all conscious that their consent meant that ‘public inspection’ meant sharing on the internet.
Data breach at Lands; Government answer dodges questions
Newsbook.com.mt’s attempts to find answers on why the Lands Authority website was down and an alleged data breach of personal information took place, has turned up precious little.
Dr Ian Borg, Minister for Transport and Infrastructure, was contacted by Newsbook.com.mt, was contacted yesterday with a series of questions asking why the website was down, for how long, as well as to confirm or deny reports of the data breach, the measures the Minister would take to ensure those affected were informed, and what steps were being taken to prevent further instances.
The answer from Dr Borg reads, ‘Please note that we are informed that the Lands Authority has immediately taken the necessary steps to establish the facts about the said matter. Details will be divulged in due course if and/or when appropriate in order not to allow such information to hinder the course of action being taken by the same authority.’
People’s personal information
According to the Times of Malta and the Shift News, the breach released over 10 gigabytes of personal information, which includes identity card details, emails, affidavits and other information that is now searchable online. The breach of personal information is affecting 1000s of Maltese people.
It is understood the service provider used for storing the information was inadequate allowing a breach to occur. This subsequently allowed Google and other search engines to begin storing and cataloguing this information in the public domain.
When the Commissioner for Data Protection was informed of the breach, the prompt decision was taken to deactivate the website. Google has begun the process of removing the information they had collected but the concerns are now that smaller search engines may have copied this information, therefore keeping it accessible in the public domain.
Talking to the Times of Malta, lawyer Michael Zammit Maempel said that the Commissioner would now be responsible for informing those who have been affected. He also explained that under current GDPR regulations, the breach could incur fines of up to €20 million, notwithstanding claims brought against the Lands Authority.
As of this morning, people’s personal data was still searchable online.
The Commissioner for Data Protection has now launched an investigation in reaction to the breach and the Lands Authority website is still down.