Personal and salary data for 637,138 Albanian citizens leaks online
The Albanian government has confirmed and apologized on Thursday for a data leak that exposed the personal and salary-related information for 637,138 citizens, more than 22% of the country's entire population.
Details such as names, ID card numbers, salaries, job positions, and employer names were shared over the weekend on WhatsApp as an Excel document.
The file included what appeared to be tax and salary information filed by companies with the Albanian government for the month of January 2021, according to local media.
In a press conference today, Prime Minister Edi Rama confirmed and apologized for the breach.
"According to a preliminary analysis, it looks more like an internal infiltration rather than an outside [...] cyber-attack," Rama told reporters, according to the Associated Press.
The leak is now being investigated by the Tirana Prosecutor's Office, a government spokesperson said.
Agencies like the Tax Directorate and the Social Insurance Institute will have their activities investigated, local media reported, as they are the only ones that would handle salary-related information and the likely source of any leak.
Second major leak of Albanian government data
The incident marks the second major leak of government data after the data of more than 910,000 citizens leaked in April, just ahead of a major election.
That leak was believed to have been a copy of the country's voter registration database that was provided to the ruling party, the Socialist Party, for electoral purposes.
After this week's second leak, the Democratic Party has now formally asked for Rama's resignation, accusing its opponent of leaking salary information for political reasons.
Copies of the leaked Excel file are now being shared on Telegram channels that cater to data brokers and the information will most likely be weaponized by scammers and cybercrime groups to select future targets.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.