Germany-based cloud service provider exposes entire Georgian country population
A ghost database containing millions of records on Georgian citizens appeared in the cloud and then mysteriously vanished. The concerning leak potentially leaves sensitive personal data vulnerable to malicious actors.
Bob Dyachenko, a cybersecurity researcher and owner of SecurityDiscovery.com, and the Cybernews research team discovered an unprotected Elasticsearch index. Elasticsearch is a platform for data analytics and search in near real-time.
The instance was hosted on a server owned by a Germany-based cloud service provider. The data contained a wide range of sensitive personal details related to citizens of the Republic of Georgia.
One of the exposed indices included nearly five million individuals' personal data records, and another contained over seven million phone records with associated personal information. For comparison, Georgia has a population of almost four million. The data may include duplicate entries and records on deceased people.
The sensitive personal data included the following:
ID numbers
Full names
Birth dates
Genders
Certificate-like numbers (potentially insurance)
Phone numbers with descriptive information about the owner
“The data appears to have been collected or aggregated from multiple sources, potentially including governmental or commercial data sets and number identification services,” Dyachenko said.
Part of the data appears to be linked to a leak from 2020. However, the data was seemingly combined with 7.2 million citizen phone numbers and identifiers, as well as 1.45 million car owner details.
No direct information identifies the entity responsible for managing the Elasticsearch index.
Shortly after the discovery, the server was taken offline, and public access to the exposed data was closed.
However, the potential dangers for millions of people remain.
“Without clarity on data ownership, recourse for affected individuals is limited, and it remains challenging to enforce data protection laws or seek accountability,” the researcher said.
“This leak highlights the complexities of cross-border data protection and regulation.”
Profit-seeking threat actors may cause potential harm
The exposure of millions of Georgian citizens could have severe implications, especially given the current geopolitical climate of significant tensions, polarization, and Russia's influence.
“Threat actors can weaponize personal data for both political or criminal activities. State-sponsored hackers can exploit the leak for political manipulation, disinformation campaigns, or targeted harassment. Meanwhile, profit-seeking hackers can exploit the data for various malicious activities,” Dyachenko said.
He warns Georgians to be vigilant for potential identity theft and fraud attempts, as cybercriminals can attempt to impersonate individuals or perform other social engineering schemes to hijack accounts and commit financial crimes.
“A mix of personal identifiers, addresses, and phone numbers is potentially in the hands of malicious actors and can be used for fraud or influence campaigns. In a region where geopolitical tensions run high, the misuse of personal information could further destabilize trust within the community, create opportunities for disinformation, and harm vulnerable individuals,” Dyachenko said.
Cybernews researchers recommend that personal data controllers and processors ensure authentication and encryption to prevent unauthorized access to sensitive information.
“The leak underscores the urgent need for robust data security measures. In this case, it's unclear who should inform the affected individuals and conduct a thorough investigation to determine the data's origin and compliance with applicable data protection laws,” Dyachenko concluded.
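As an added illustration of the authentication and encryption recommendation above (not taken from the article or from the exposed server, whose configuration is unknown), this is what those two controls look like in a self-managed Elasticsearch node's elasticsearch.yml. The bind address and certificate file paths are placeholders, and the "exposed" half is an assumed typical misconfiguration, not the actual settings of the instance in question.

```yaml
# elasticsearch.yml

# --- Exposed pattern (assumed, for contrast) --------------------------
# The node listens on every interface and the built-in security
# features are off, so any client that can reach port 9200 can read
# every index without credentials, over plaintext HTTP.
#
# network.host: 0.0.0.0
# xpack.security.enabled: false

# --- Corrected pattern -------------------------------------------------
# Bind only to the interface the application tier uses
# (placeholder private address).
network.host: 10.0.0.5

# Authentication: every REST and transport request must carry valid
# credentials; access to indices is then governed by roles.
xpack.security.enabled: true

# Encryption in transit for the REST API (port 9200).
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12

# Encryption and certificate verification between cluster nodes
# (port 9300).
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/transport.p12
xpack.security.transport.ssl.truststore.path: certs/transport.p12
```

These settings cover access control and encryption in transit only; restricting port 9200 at the cloud provider's firewall and encrypting the underlying disks are separate measures.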