Israel’s Likud Party is being accused of causing one of the most serious data breaches in Israeli history, and of gross violations of Israeli privacy laws, following the exposure on the Internet of the private information of all 6,454,254 registered Israeli voters.
The leak itself is being blamed on Elector, an application used by Likud, the Shas and Yisrael Beiteinu parties, as well as by some parties abroad, to manage their election campaigns. As first reported by Israeli investigative website Seventh Eye, which focuses on the media industry, the Elector app’s webpage was improperly coded, granting administrator access to the databases stored by the application.
According to a petition filed last week, the Likud Party had created a database of all registered Israeli voters using its access to the official Central Elections Committee (CEC) voter registry, and then shared that database with its supporters via the Elector app.
Included in the database was not only the voter registry information—including ID numbers, full names and home addresses—of almost 6.5 million eligible Israeli voters, but also much more detailed information on tens of thousands of Likud supporters, on whom Likud volunteers had collected additional details over the past month, which they added to the database, according to Calcalist.
The Elector website was fixed shortly the leak was discovered, but it is unknown how many people might have gained access to the exposed data.
On Monday, the Israeli Justice Ministry’s Privacy Protection Authority (PPA) said it was investigating the incident, just a day after CEC head Supreme Court Justice Neal Hendel ordered Likud, Shas, Feed-b, the company behind Elector, Attorney General Avichai Mandelblit and the PPA to respond to the petition by Wednesday.
The incident follows an additional leak in September, when the business journal The Marker reported that it had managed to access Likud’s voter database ahead of the country’s Sept. 17 election.