A database containing the private information of Georgian citizens is up for grabs on a dark web forum. Researchers from Under the Breach stumbled on the data leak over the weekend, and reported that it contained 4,934,863 entries.
Full names, physical addresses, dates of birth, ID numbers, and mobile phone numbers were among personal identifiable information wrapped up and shared in a 1.04 GB Microsoft access database file.
Although the data initially pointed to the Central Election Commission of Georgia (CEC), the administration said the data released by hackers is different from the voter list data posted on their election portal.
The origin of the information remains a mystery, since the Georgian state has a population of approximately 3.7 million (according to the 2019 census), and the leaked file contains information of deceased citizens.
The organization also said it detected no suspicious activity on its network, and it only provides information on approximately 3.5 million voters that doesn’t include details such as telephone number and personal ID number. Still, the commission started an investigation this Monday.
The data dump poses a serious risk for the Georgian people. Once in the hands of bad actors, the information can be used for more nefarious purposes such as identity theft, impersonation and phishing attacks.
Even if the data leak does not include passwords or credit card information, every piece of personal identifiable information is important to identity thieves.
Criminals can use the names together with other scraped data and open new credit card accounts, apply for loans, or deploy personalized phishing emails to trick the recipient into offering financial information.