Data on almost every citizen of Georgia posted on hacker forum

Personally identifiable information (PII) belonging to more than 4.9 million people from the country of Georgia, dead people among them, was published on a hacking forum on Saturday. The data includes full names, home addresses, dates of birth, ID numbers, and mobile phone numbers.

That’s more than the current total estimated population: according to the National Statistics Office of Georgia, as of 2019, the country had about 3.7 million people.

The data set was first spotted by Under the Breach, a data breach monitoring and prevention service. ZDNet reports that it’s been shared online in a 1.04 GB MDB (Microsoft Access database) file.

One respondent to the Twitter post from Under the Breach said that this is “very old data” that’s been “shared several times on many open/closed forums” and that whoever shared it “is probably a leecher”.

In fact, it appears that all the records date back to 2011.

Under the Breach initially thought that the entire country’s voter database had been ripped off from Georgia’s Central Election Commission (CEC). But the CEC denied it yesterday, saying that it doesn’t capture some of the data included in the dump – including that of dead people.

From a Google translation of its statement:

The CEC portal provides information on about 3.5 million voters, which does not include information about the dead; however, the CEC does not transmit voter lists for the purpose of forming a voter list and therefore does not have information on the voter’s father’s name, telephone number or ID number in the voter database.

The CEC said that it didn’t process the data published on the unnamed hacker forum and that the database differs from what the election administration has access to, including in terms of data, format and database structure.

Nor has any cyber incident been reported to the CEC, its statement said. Finally, data verification has shown that the personal numbers and addresses of the data published on the forum don’t match those in the CEC voter database, the commission said.

Under the Breach shared the data with ZDNet, which communicated with one of the people who shared the data on the forums. They declined to say where they got the data from, but later, after ZDNet waved the CEC’s statement in their face, clarified that it wasn’t the CEC. Sorry, they said, we misunderstood: our English isn’t great.

The data-dump sharer said that the data can be verified on the CEC’s website, not that it had been leaked from the commission in the first place.

ZDNet has provided links to the leaked data to Georgian authorities, who it says are now investigating the breach.
