The Data and Information Protection Commission has launched an investigation into a massive data breach at a local IT company which compromised the personal data of 337,384 Maltese citizens.
“We got to know about this personal data breach this morning from media reports,” a spokesperson for the Commission told Lovin Malta. “We shall trigger our investigation procedure with the controller responsible for the processing to establish all the facts surrounding this security incident.”
Last night, an international data breach monitoring service called ‘Under The Breach’ posted screenshots on Twitter of a MySQL database accessed from the servers of Maltese IT company C-Planet IT Solutions.
This data included the names, ID numbers, addresses, phone numbers and dates of birth of several Maltese citizens, stored in a folder called ‘VotingDocumentsSystem’.
The administrator of ‘Under The Breach’ told Lovin Malta that the data wasn’t hacked but that the IT company had left its server open, meaning anyone could just type in their IP address and access all their files.
They agreed that this was an act of potentially dangerous incompetence for which the company should be held accountable.
C-Planet IT Solutions has told Times of Malta that the incident was a “mishap” and that the data was “old”.