As a result of a data breach, confidential information about Georgian citizens has been exposed to the public. The unprotected database was hosted on a server belonging to a German cloud provider.
The breach affected approximately 5 million records containing personal data and over 7.2 million phone numbers. For context, Georgia’s population is around 4 million. The database included identification numbers, full names, dates of birth, social insurance numbers, and other personal details.
Part of the data traces back to a 2020 breach but has now been combined with new records, including information on 1.45 million vehicle owners.
Cybersecurity experts emphasize the heightened risks posed by such a breach in the current geopolitical climate. Malicious actors could exploit the personal data for political manipulation, disinformation campaigns, or fraudulent activities.
Shortly after the discovery, the server was taken offline, and access to the data was restricted. However, the risks to Georgian citizens persist, as the exposed information could still be leveraged for identity theft, financial fraud, or social engineering attacks.
The database owner remains unidentified, complicating the investigation and efforts to hold those responsible accountable. This incident underscores the urgent need to strengthen data protection measures and ensure compliance with information security regulations.
