[BreachExchange] Ukrainian government job site posted passport scans of thousands of civil service candidates

Destry Winant destry at riskbasedsecurity.com
Tue Jan 21 09:50:39 EST 2020


https://www.ehackingnews.com/2020/01/ukrainian-government-job-site-posted.html

Government job site https://career.gov.ua/ published scans of
passports and other documents of citizens who registered on the portal
to search for work in the government sector. This was announced on
January 16 by the Office of the Ombudsman of Ukraine on Facebook.

“A possible leak of personal data of citizens who registered on the
site https://career.gov.ua/ with the aim of passing a competition for
government service was identified. A copy of the passport and other
scanned documents that users uploaded to the Unified Vacancy Portal
for public service are in free access," the message said.

It is noted that data leakage became known from posts on Facebook by
job seekers in the public sector. So, on January 15 at night in the
social network, there were messages from candidates for government
posts about publishing scans of their passports, diplomas and other
documents. A spokeswoman for the Ukrainian cyber activist community,
Ukrainian Cyber Alliance, known as Sean Townsend, filed a complaint
with the Ombudsman’s Office.

The press service of the Ombudsman's Office noted that the
circumstances of this incident are being established and monitoring is
being carried out. However, Ukrainians are afraid that their documents
will be used by fraudsters.

"Don't be surprised if a loan is accidentally taken in your name,"
users write in the comments.
The cybersecurity expert Andrei Pereveziy wrote the following:
"Minister Dmitry Dubilet, what about digitalization? Probably, this
vulnerability in the framework of #FRD should be demonstrated to the
European Ombudsman, so that Europe understands what it supports."

The National Security and Defense Council (NSDC) of Ukraine held an
extraordinary meeting of the working group on responding to cyber
incidents and countering cyber attacks on state information resources
in connection with the leak of data from the Unified Vacancy Portal.
During the meeting, experts noted the need for state authorities to
ensure proper cyber protection of their own information systems.


More information about the BreachExchange mailing list