More than 21,000 people have had their personal information leaked on the dark web by cyber criminals who hacked in to the PN's computer system.
Files including names, addresses, ID cards and, in some cases, phone numbers were published on a hackers’ forum in recent days after a ransomware attack last month.
The file was labelled 'Tesseri 2015' - suggesting the people whose data was leaked are either current or former tesserati (paid-up members).
Last month, hackers had threatened to leak “valuable” Nationalist Party documents unless the party agreed to “communicate and cooperate” with them.
Leader Bernard Grech had said in an interview that the party would not negotiate with cyber criminals.
In the last few days, hackers uploaded three files, claiming to have dumped 1.3 GiB (gibibytes) of information but not all of it appears to be accessible.
The PN told Times of Malta yesterday it believes hackers were only able to access data relating to 2014 or earlier, adding it was doing “its utmost to minimise the impact” of the attack.
The data includes eight files full of excel sheets, including personal records of 21,049 party paid members and also past and present employees of the PN’s media arm, Media Link Communications.
These show invoices, payroll information, time sheets and production reports linked to Net news journalists, cameramen and editors.
The party is doing its utmost to minimise the impact of this hacking attack.- Francis Zammit Dimech
The leaked file also includes documents with personal information – name, date of birth, some ID numbers, contact numbers and emails – of around 40 Under-18, Under-14 and Under-16 basketball players, most of whom are now adults.
“The party is doing its utmost to minimise the impact of this hacking attack and is cooperating with the magisterial inquiry that is looking into the matter,” the PN’s Secretary General Francis Zammit Dimech told Times of Malta.
He said that, from what the PN can ascertain, hackers have only gained access to one of the party’s computers “where the data in question relates to 2014 or earlier”.
“The PN trusts that any person or entity privy to such data does not use any data emanating from this hacking attack, for any purpose, and, thus, become an accomplice to a crime.”
In April, the party had revealed it was the victim of an attack on its IT system and that some of its information may have been accessed.
The hackers of ‘Avaddon ransomware’ originally gave the PN 240 hours to “communicate and cooperate with us” last month.
“If this does not happen before the time counter expires, we will leak valuable company documents,” it said.
The hackers had already published a selection of documents, including employee details, passport pictures and a studio rota on the dark web.
“We have company financial data, salary payments, employees’ personal documents, banking, private client data, payment documents and much more,” it said.
A party source had confirmed to Times of Malta previously that the documents appear to be genuine PN data.
Police said that investigations and a magisterial inquiry are still ongoing "therefore it wouldn’t be prudent to divulge further information at this stage".