Lands Authority data breach occurred prior to planned move to secure servers

Lands Authority clients’ data was meant to be moved to secure Malta Information Technology Agency servers but the migration had not happened when a basic security flaw was flagged last month, Times of Malta has learnt. The Times of Malta and Shift News reported last month that personal data was searchable online because of a basic security flaw in the government entity’s website design. IT experts did not exclude the possibility that the flaw had likely already been there when the Lands Department successor was set up last year. Over 10 gigabytes of data, including ID cards, passports and e-mail correspondence, was made available to anyone carrying out a simple Google search. The data protection watchdog is investigating the breach and the lands regulator website has been offline for a month. A source familiar with the Lands Authority said the decision to use servers hosted by third parties was made to expedite the setting up of the website last year. The intention was to migrate the data to secure MITA servers, as per normal government practices. Contacted by Times of Malta, a spokesman for the authority refused to say why the migration never took place, citing ongoing...