Confidential client data held by a law firm set up by the Parliamentary Secretary for EU Funds, Stefan Zrinzo Azzopardi has been leaked online in the latest data breach. 

The 111-page list of SZA Law Firm’s clients exposes their ID card numbers, and found its way into the public domain, likely due to a security flaw at the IT company hosting the data. 

Apart from exposing SZA’s client list, it also includes a breakdown of the amounts owed to the law firm by its clients, as well as details about the legal work carried out for them. 

And it provides a glimpse into the significant amount of government work carried out by the law firm.

A sample of the client list leaked online. Information about private clients has been redacted by Times of Malta.

It counts the Office of the Prime Minister, the Health Ministry, the Home Affairs Ministry, the Ministry for Transport, the Building Construction Agency, ARMS, the Foundation for Medical Services, the Public Health Regulation Department as well as the Association of Local Councils among its clients. 

Zrinzo Azzopardi is no longer a partner in the firm, a position he gave up on being appointed to cabinet. 

C-Planet IT Solutions, who had hosted the data, already hit the headlines this week after an international security firm identified how a trove of personal information on some 337,384 people, including names, addresses, ID card details and even voting preferences, made its way online due to security shortcomings on the firm’s part. 

The IT company is owned by Philip Farrugia, the brother-in-law of Zrinzo Azzopardi, a former president of the Labour Party. 

C-Planet IT solutions has not explained how or why it had the sensitive voter data, instead merely dismissing the data in question as "old."

A link to the firm’s entire operational database was also inadvertently made available online. 

The law firm, which recently rebranded itself as 360 legal after Zrinzo Azzopardi took up his role in Cabinet,  had not replied to a request for comment by the time of writing.