Israel’s Privacy Protection Authority announced the launch of an investigation into a massive data leak by a website for a mobile phone app used by Prime Minister Benjamin Netanyahu’s party, just weeks before the country heads to the polls for the third general election in less than one year.
The Likud uploaded the entire Israeli national voter registry — including personal data such as full names, phone numbers, addresses and national ID numbers — to the website of an app called “Elector.” The app is designed to communicate information to voters ahead of the March 2 elections.
While all political parties in Israel have access to the Israeli voter registry ahead of elections, they are required by law to protect voters’ privacy and cannot copy, erase or transfer the registry. While the Likud gave Elector access to the registry, it is not yet clear if any of these privacy regulations were violated.
Why it matters: In January 2019, current Shin Bet director Nadav Argaman warned that an unnamed foreign cyber power — the immediate suspect being Russia — was working hard to hack aspects of Israeli elections.
Israeli cyber experts have warned that Iran and other foreign intelligence agencies may already have access to the leaked data, which includes private cellphone numbers and other information of top Israeli intelligence officials.
The blame game: Netanyahu routinely brags about the Israeli cyber defense industry and its abilities in this field, but now his own party is under the threat of an investigation and potential charges. The parties and their leaders have a responsibility to defend the data and prevent access for unauthorized people.
What's next: The Privacy Protection Authority can call the Likud party leaders for questioning and might press charges against them. The cyber authority is trying to block the leaked info from further dissemination and assess the damage.
Read more: Check out Ben Caspit’s piece on the Israel Pulse about Israeli parties and election committees bracing against cyberattacks.