[BreachExchange] Two months after data breach, Lands Authority website remains offline

[Destry Winant]

https://www.timesofmalta.com/articles/view/20190129/local/two-months-after-data-breach-lands-authority-website-remains-offline.700056

The Lands Authority’s website remains offline two months after a data
breach was exposed by Times of Malta, with clients forced to visit the
regulator’s offices to settle even the smallest of issues.

This newspaper reported in November that a massive security flaw had
led to a large amount of personal data being dumped online. The flaw
made data easily searchable through a search on engines such as
Google.

Times of Malta accessed more than 10 gigabytes of data, which included
personal information such as scans of ID cards and e-mail
correspondence. The website went offline within hours of the Times of
Malta flagging the breach to the Information and Data Protection
Commissioner who launched an investigation.

A spokesman for the commissioner said the investigation into the data
breach was “in its final stages”.

“The commissioner will be issuing his decision, together with a press
statement, in due course,” the spokesman said without elaborating.

A spokesman for the Lands Authority reiterated that the watchdog was
taking the “alleged incident very seriously, leaving no stone
unturned, having engaged local and foreign experts in the field,
subjecting the website and its applications to robust, in-depth
testing and risk assessments”.

“Tests are still ongoing. The Lands Authority is still very much
actively communicating with the Information and Data Protection
Commissioner and is taking on board forthcoming suggestions, direction
and/or instructions,” he added.

The breach was discovered just months after the general data
protection regulation, a new EU-wide data protection law, came into
force. It sets out a number of procedures and penalties in case of
breaches, including fines of up to €20 million.

Clients who made use of the Lands Authority website on a regular basis
complained to this newspaper they must now go to the regulator’s
offices to handle even the smallest of issues, including payment of
outstanding rent bills.

One client who spoke to Times of Malta on the condition of anonymity
said he had an outstanding rent bill of a few euros to settle and was
forced to go personally to the regulator’s offices in Valletta instead
of simply paying it online.