The Lands Authority is yet to inform those affected by a massive breach that led to the dumping of huge amounts of personal data online.

A spokesman for the government entity confirmed yesterday that the authority would be waiting for an internal investigation and work by the Information and Data Protection Commissioner (IDPC) to “mature” before communicating with the individuals that were impacted.

“The Lands Authority will take all steps at law to protect the interests of its clients and will abide in full by the conclusions reached by the data protection commissioner. At this stage it is prudent to allow for the internal investigation and the IDPC’s work to mature,” the spokesman said.

No replies were forthcoming on the type of information that would be supplied to those whose personal data was published online.

The Times of Malta, in a joint investigation with The Shift News, reported last week that identity card details, e-mail correspondence, affidavits and other compromising data were made easily searchable on the internet thanks to the security flaw in the Land Authority’s website.

Times of Malta was able to access some 10 gigabytes of data from the authority through a simple search using Google.

In a reaction after the data leak was revealed, the authority said that after it was informed of what is said was an “alleged” breach, immediate action was taken and the website was put offline and an investigation was launched.

Reiterating that an internal investigation has been launched, the spokesman said that the Lands Authority was “taking this matter very seriously”.

“A preliminary notification report has been submitted to the Information and Data Protection Commissioner within the stipulated time frames. The technical flaw has been fixed and testing is currently underway on the ICT systems. Communication with the IDPC is ongoing,” he said.

The company that designed the website, Webee Ltd, has pointed fingers at the authority, saying it did not write or design the business application code that was subject to the breach.

According to new general data protection regulation (GDPR) rules, such breaches could result in fines of up to €20 million.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.