Updated: Investigation launched into ‘alleged’ data breach after six hour silence

For over six hours, Government maintained a rigid silence on the fact, let alone the reason why the website of the Lands Authority suffered a significant down time. This taciturnity is giving rise to speculation. However, unconfirmed reports from people close to the industry said that what seems to have happened is that the data was not secured correctly or was accidentally released. Hiwever, a short while ago, other media reported that Governmet had launched an investigation into what it termed as ”alleged’ data-breach. Newsbook.com.mt’s attempts to get a reply proved futile.

Sources in the industry have indicated to Newsbook.com.mt that there could be one of three possible explanations.  It could have been a technical breakdown. But it could also be the result of a denial of service attack. This happens when one user sends such a massive amount of messages that the site goes down. A third possibility could be a data breach as a result of a hacker attack.  In such cases the administrators could switch off the site so that the hacker would not access more information. The Times of Malta and Shift News report a huge data leak of at least 10gigabytes of what they describe as emails, affidavits and other confidential information.

The problem seems to have started at about 14:00h, www.landsauthority.org.mt was down with a 404 error. This kind of error indication shows that the servers could not find the page requested and that the link is broken or dead. So it is the notification normally served when pages have been removed or deleted.

Newsbook.com.mt is still trying to get hold of government officials for an official comment and confirmation of whether this was a data breach and what data has been compromised, but so far no one seems able to answer.

Sources in the industry have remarked that, if this is indeed a data breach, this is quite large scale and the first of its kind since the introduction of GDPR last May. This law requires the data controller to follow procedures laid down in Article 33 of the GDPR including notifications of the breach and measures taken to prevent the same thing from happening again. The same sources also observed the vulnerability of government when it comes to data but also begs the question if data is being sufficiently protected.