DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

‘Contract worker stole all Israelis’ personal information’ (updated)

Posted on October 24, 2011 by Dissent

Okay, this is not a great headline to wake up to.  The Jerusalem Post reports:

Information was used to create searchable database with sensitive information of every Israeli, living and deceased; computer technician put the database on the Internet for anyone in the world to access.

A contract worker from the Ministry of Labor and Welfare was charged with stealing the personal information of over 9 million Israelis from the Population Registry, the Justice Ministry announced Monday after a media ban was lifted.

The worker electronically copied identification numbers, full names, addresses, dates of birth, information on family connections and other information in order to sell it to a private buyer.

The information was also given to another individual who used it to design a software program called “Agron 2006”, which exploited the database to allow queries of all Israeli citizens, allowing information to be illegally sold based on various parameters. Those parameters could include familial relationships of the entire Israeli population, over several generations.

[…]

A copy of the software program, devoid of any protection mechanisms, was later obtained by a computer technician who uploaded it to the Internet. He even created a website with detailed instructions explaining how to download and use the Argon program with Israeli citizens’ personal information.

Read more on Jerusalem Post. This is not the first time we’ve seen an entire country’s information breached, but it’s still staggering and a reminder of the insider threat.

Update: More media is now covering the breach. Aviad Glickman reports that the Agron program was widely downloaded and shared and could be found in many Israeli homes.   Tomer Zorchin provides more background on the contractor and sequence of events:

According to the investigative details released on Monday, it was a former Welfare Ministry contracted employee who stole the information in 2006 from the Population Registry, which he had access to through his job.

The employee stored the database in his home and even updated it sporadically in accordance with the Interior Ministry’s updates. He was later sacked for other criminal-related reasons and passed on the information from the database to a business client, who subsequently uploaded the details onto his computer server.

Over the course of several months, the registry exchanged hands in the ultra-Orthodox community until it fell into the possession of a man named Ari, who used it extensively and uploaded it to the internet. He used internet protocol addresses based outside of the country, worked in internet cafes, and used other methods of subterfuge in order to prevent his own identity from being discovered.

At some point, the registry was sold for the paltry sum of only a few thousand shekels, and it is likely that it was used for malevolent purposes. Since the start of the investigation, Israeli agents have attempted to track down every copy of the registry and remove it from the internet.

One copy of the registry was tracked to an obsessive collector of Israeli databases, who was found to have an enormous trove of them. One of the databases that was found in his possession was a list of adopted children in Tel Aviv and Jerusalem.

Over the course of the investigation, six people were arrested, including the contractor and the man named Ari, and they were subjected to various arrest conditions.

[…]

Read more on Haaretz.com

Category: Breach IncidentsExposureGovernment SectorNon-U.S.Of NoteSubcontractorTheft

Post navigation

← Korean hacker awaiting deportation
SA: Worker: Hospital told boss my HIV status →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.