More on a breach previously mentioned on this blog last year. Joanna Parasczuk reports on the evolution of a data breach that started in 2006 as an insider breach and ultimately affected everyone in Israel, it seems:
The Tel Aviv District Attorney has charged six people, including a computer programmer formerly employed as a Social Affairs Ministry contractor, in connection with a massive data theft that exposed the personal details of millions of Israelis.
The theft, which took place in 2006, included the publication of detailed personal information on nine million Israelis, among them minors, deceased persons and citizens living abroad.
According to the indictment, Shalom Bilik, who had access to the database during his work at the ministry, copied the data and took a copy of the database home.
After Bilik’s contract with the ministry ended in 2006, he began to provide computing services to an ultra-Orthodox organization in Jerusalem, and allegedly installed the database on computers there.
Indicted alongside Bilik are Avraham Adam, Yosef Vitman, Haim Aharon, Moshe Moskovitz and Meir Leiver.
Adam, who worked at the ultra-Orthodox charity, allegedly used the stolen data after Bilik gave it him.
Allegedly, Adam passed the data on to Vitman, who volunteered at the charity.
Vitman then sold a copy of the stolen database to Aharon, an independent computer consultant, who combined it with a copy of the voter registration database and eleven other databases, the indictment said.
Aharon then sold the combined database to several people, and also gave it to Moskovitz, a computer programmer, to sell.
Moskovitz enhanced the database with a sophisticated search program he had written, and called the final database ‘Agron’. He then sold it on to various acquaintances.
At this stage, the indictment said, the database ended up in the hands of Leiver, who renamed it aRi and sold it to several overseas internet sites.
Read more on Jerusalem Post.
So… what do you think the punishment or sentence should be for someone who’s responsible for starting a mammoth privacy breach like this? There’s no closing this particular barn door any more, either, and the potential remains to combine the database with new or future databases.
Is this Mark Zuckerberg’s wet dream or what? Or maybe NSA’s? Or maybe both, for different reasons.