The Likud party inadvertently allowed public access to the full register of Israeli voters, containing personal data on 6,453,254 citizens, through an application vulnerability, Haaretz reported on Sunday.
The registry was uploaded by Likud to the Elector app, which is used by the party to run its operations on Election Day. The firm that developed the application, Feed-b, was quoted as saying that the vulnerability was a “one-off incident that was immediately dealt with,” and that security measures have since been strengthened.
The Likud has so far declined comment on the report.
Israeli political parties receive personal details of voters before the elections and commit to protecting their privacy, as well as not to reproduce the registry, not to provide it to a third party, and to permanently erase all the information once the election is over.
A leak of government information on this scale is almost unprecedented. The only comparable case was in 2006, when an Interior Ministry employee stole the population registry and distributed it illegally.
It was not known how many people gained access to the data while the vulnerability lasted. However, as Haaretz noted, the application has users in various countries abroad, among them the United States, China, Russia and Moldova.
The Israeli daily said that it informed the National Cyber Directorate of the leak, which in turn reported it to the Privacy Protection Authority.