More than 620 claimants have come together to file a joint lawsuit against an IT firm which exposed personal data of more than 337,000 voters in a security breach exposed last April.

The claimants say EU data protection laws were breached by the data leak and are asking civil courts to quantify and award them damages for harm suffered due to the breach.

A database belonging to C-Planet IT Solutions Ltd, which included personal data belonging to 337,384 voters, was left exposed online in what the company described as a mishap involving "old" data. Data included names and surnames, ID card details, phone numbers and addresses of voters.

Sources had told Times of Malta at the time that it appeared the company had left a 102MB database file on a server with an opened directory – effectively making it openly available online.

C-Planet IT Solutions is owned by Philip Farrugia, who previously worked with the Labour Party's media wing, and senior sources within Labour had said the database left exposed originated from the party. The PL subsequently distanced itself from the leak. 

The EU’s cornerstone of data protection legislation, the General Data Protection Regulation, imposes massive fines of up to four per cent of turnover or €20 million for data protection breaches.

Personal data was left exposed by the leak.Personal data was left exposed by the leak.

Locally, fines for such breaches have however been minimal and sporadic, with the largest-ever fine imposed being of just €5,000 to the Lands Authority after it left data of more than 5,000 users exposed online.

The collective legal action filed in court was coordinated by two civil society organisations, The Daphne Caruana Galizia Foundation and Repubblika.

Lawyers Antonio Ghio, Carl Grech, Deo Falzon, Sarah Cannataci and Michael Zammit Maempel signed the court application.

Independent journalism costs money. Support Times of Malta for the price of a coffee.

Support Us