Hackers have published the personal information of 4.9 million Georgians online. Cybercriminals put the data for sale on the dark web over the weekend. Many of the details that were published belong to deceased citizens. Nobody knows who was responsible for the leak.
The personal information that was leaked includes full names, home addresses, dates of birth, ID numbers, and mobile phone numbers. They were offered for sale on a hacking forum on the dark web last Saturday. There were 4.934.863 entries in the database, which is more then the number of people that currently live in Georgia (3.7 M). We can therefore say that personal information of deceased people was also included on the list. The information could be used for identity fraud or, more likely, for phishing. When people receive a phishing email with actual personal information about themselves in it, they are more likely to believe it is real.
Initially, reports said that the data was leaked by Georgia’s Central Election Commission (CEC). However, the CEC stated on Monday that the information could not have come from their servers. They said that the data that was published is “radically different from the voters’ list stored at the Election Administration portal (EA)”. They also don’t have information about deceased citizens saved in their database. The CEC is working hard to protect voters’ personal details and have just implemented extra cyber-protection of the EA.
So at this point in time we do not know who shared this information or how it was obtained. What we do know is that the information was found online by internet security company Under The Breach. They passed the information on to ZDNet, who researched the leak and informed the Georgian authorities of the published database. They are now investigating the breach.