German cloud service provider exposes entire Georgian country population - millions of personal data files leaked

(Image credit: Shutterstock)

Security researchers found an Elasticsearch index with millions of entries
The database contained personal information on millions of Georgians
It was traced back to an unnamed German cloud provider

A German cloud service provider has unintentionally exposed sensitive data on probably the entire population of Georgia, security researchers are saying.

Cybersecurity expert Bob Dyachenko, of SecurityDiscovery.com said they recently discovered an non-password-protected Elasticsearch index containing a “wide range of sensitive personal details” belonging to Georgians. The index hosted two indices, one with almost five million personal data records, and another with more than seven million.

Given that the entire population of Georgia counts less than four million people, it’s safe to assume that even with numerous duplicate entries, all of its citizens could be at risk of identity theft, phishing, and more.

Shutting down the leak

The archives contained people’s ID numbers, full names, birth dates, genders, phone numbers, and other sensitive information.

“The data appears to have been collected or aggregated from multiple sources, potentially including governmental or commercial data sets and number identification services,” Dyachenko said.

The researchers traced the instance back to a server owned by a German cloud service provider. The researchers did not name the company, and said that the server was taken offline “shortly after discovery”. It was left unclear if the company was notified of the leak. Therefore, we also don’t know if any threat actors found the archives in the meantime, and if the data had been exfiltrated elsewhere.

“Without clarity on data ownership, recourse for affected individuals is limited, and it remains challenging to enforce data protection laws or seek accountability,” the researcher said. “This leak highlights the complexities of cross-border data protection and regulation.”

Via Cybernews

Huge data breach exposes over 600,000 records, including background checks, vehicle, and property records
Here's a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.