Voter records for around 4.9 million Georgian nationals (including deceased citizens) were exposed on a hacking forum on Saturday, March 28, ZDNet, a tech news website reported. The leaked data reportedly contains personal information such as “full names, home addresses, dates of birth, ID numbers, and cellphone numbers” of registered Georgian voters.
The leak was spotted by the Under the Breach, a data breach monitoring and prevention service, which then notified the ZDNet platform. The user behind the data breach, ZDNet wrote, claimed that data originated from the official portal of the Central Election Commission, a supreme body charged with administering election processes in Georgia. The CEC set up the website for individual voters to check their registration status.
“The exposed data was not retrieved from our repository, as we do not store personal information such as ID number, middle name and etc. [contained in the leaked records],” the CEC has told Civil.Ge today.
“We are examining the information disclosed by a foreign media outlet with regard to voter database exposure, and will make a public statement in the near future,” the Ministry of Internal Affairs has stated.
Giorgi Iashvili, Georgian cybersecurity expert, expressed doubt whether the hackers had indeed retrieved data from CEC databases. Similar data breaches had been reported in previous years, and hackers behind this exposure might have uploaded already cracked data, noted Iashvili in conversation with Civil.Ge. He drew attention to the fact that, thus far, a single screenshot was all that was publicly available from hacked materials. Based on that scant evidence, Iashvili reckoned, it is much more likely that exposed information came from state data repositories (under Ministry of Justice, or Ministry of Internal Affairs) other than CEC’s own. “Voters’ registration status portal has access to a database that contains only a limited amount of personal information, and, technically, it is very unlikely that the said data had been retrieved from the CEC,” said Iashvili.
“Hacked data does not contain personal financial information (such as bank account number, online banking password and etc.) and therefore is insufficient for perpetrators to carry out financial transactions,” noted the National Bank of Georgia in a statement released on March 31. However, the Central Bank said, banks and financial institutions would tighten control on ongoing financial operations in order to avert any types of financial frauds.
Parliamentary polls in Georgia are slated for October, 2020. According to the CEC, there were 3,528,658 eligible voters during the last nationwide (presidential) election in 2018.