The website for an election app used by Prime Minister Benjamin Netanyahu’s party made it possible to view full names, addresses, identity card numbers and more.
A software flaw exposed the personal data of every eligible voter in Israel — including full names, addresses and identity card numbers for 6.5 million people — raising concerns about identity theft and electoral manipulation, three weeks before the country’s national election.
The security lapse was tied to a mobile app used by Prime Minister Benjamin Netanyahu and his Likud party to communicate with voters, offering news and information about the March 2 election. Until it was fixed, the flaw made it possible, without advanced technical skills, to view and download the government’s entire voter registry, though it was unclear how many people did so.
How the breach occurred remains uncertain, but Israel’s Privacy Protection Authority, a unit of the Justice Ministry, said it was looking into the matter — though it stopped short of announcing a full-fledged investigation. The app’s maker, in a statement, played down the potential consequences, describing the leak as a “one-off incident that was immediately dealt with” and saying it had since bolstered the site’s security.
The flaw, first reported on Sunday by the newspaper Haaretz, was the latest in a long string of large-scale software failures and data breaches that demonstrated the inability of governments and corporations around the world to safeguard people’s private information, protect vital systems against cyberattacks and ensure the integrity of electoral systems.
It came less than a week after another app helped make a fiasco of the Democratic presidential caucuses in Iowa, casting serious doubts on the figures that were belatedly reported. That app had been privately developed for the party, had not been tested by independent experts, and had been kept secret by the party until weeks before the caucuses.
The personal information of almost every adult in Bulgaria was stolen last year from a government database by hackers suspected of being Russian, and there were cyberattacks in 2017 on Britain’s health care system and the government of Bangladesh that the United States and others have blamed on North Korea. Cyberattacks on companies like the credit agency Equifax, the Marriott International hotel company and Yahoo have exposed the personal data of vast numbers of people.