A massive cache of data which was leaked online is understood to have originated from the Labour Party and shows the voting preferences of a majority of the population.

The personal information on some 337,384 people includes names, addresses,
ID card details, phone numbers and whether they are considered Labour or
Nationalist voters.

On Wednesday, the Data Protection Commissioner launched an investigation into the alleged breach by a Maltese IT company.

IT company's Labour links

Senior Labour sources said that the database was an internal list of voters which the party had codenamed ‘Local Area Network’.

Along with information taken from the confidential electoral register, the list includes a field with entries of either ‘1’ or ‘2’ beside each voter.

The entry ‘1’ indicates that the voter is considered a Labour supporter, while ‘2’ indicates that the voter is inclined towards the Nationalist Party.

The list, sources said, appears to predate the 2013 election and also looks like it had been slightly altered from the one originally used by the Labour Party with another field having been entered by third parties.

According to Electoral Commission data, there were 333,072 registered voters during the 2013 general election.

Online monitoring service Under The Breach first announced the breach, tweeting on Tuesday that data had been left exposed by a Maltese company.

According to the monitoring service, the data was available for anyone to
access without a password or any other authentication.

An online security monitoring company told Times of Malta that the company in question was C-Planet IT Solutions Ltd.

It is owned by Philip Farrugia, a former production director at One Productions, the media wing of the Labour party.

Farrugia is also the brother-in-law of Parliamentary Secretary for European Funds Stefan Zrinzo Azzopardi, a former president of the Labour Party.

Contacted on Wednesday, C-Planet IT Solutions said it would not be replying to any questions on what it described as a mishap, insisting the data was “old”.

It later issued a statement through its lawyers, saying the company had “immediately” alerted authorities “upon the notification of the alleged breach”.

“In view of the latter, as you may appreciate, no further information can be divulged as it might hinder the ongoing investigations.”

Data Protection Commissioner investigates

Ian Deguara, deputy data protection commissioner,  said an investigation was being launched into the matter.

“We got to know about this personal data breach this morning from media reports. We shall trigger our investigation procedure with the controller responsible for the processing to establish all the facts surrounding this security incident,” he said.

Sources told Times of Malta it appeared that the company had left a 102MB database file on a server with an opened directory.

The file is a backup copy of several MySQL databases, including one named ‘Elec_Registery’.

MySQL is an open-source database management system.

Last year, the Data Protection Commissioner had imposed a €5,000 fine on the Lands Authority after an investigation of a major data breach that was exposed by Times of Malta.

Repubblika asks for criminal investigation

Civil society group Repubblika on Thursday wrote to the acting police commissioner calling on him to preserve evidence related to the case and to launch an investigation into possible crime through the unauthorised collection, storage and use of data. 

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.