A data breach involving a Latvian document management system has leaked the personal information of 25 million individuals.
The Lietvaris Document Management System Breach
The breach centers around Lietvaris, a document management system predominantly used by the Latvian government and businesses. Cybernews researchers discovered a vast quantity of data—a staggering 25 million records—exposed on an unsecured Elasticsearch cluster.
This represents a substantial portion of Latvia’s population (approximately 1.9 million). The exposed data, attributed to the Lietvaris platform, included highly sensitive personal information. The initial disclosure of the leak occurred on November 1st, 2024.
“This incident underscores how important it is to keep data protected. Especially for government-associated organizations that store sensitive personal information on a large scale,” researchers stated.
Exposed Data: A Serious Privacy Risk
The leaked data included:
- Names and surnames
- National IDs
- Home addresses
While there’s no evidence of data exfiltration, the researchers warn of the potential for misuse. The combination of full names, national IDs, and home addresses significantly increases the risk of identity theft and other serious crimes.
“Another issue is privacy violation as the unauthorized release of personal data infringes upon citizens’ privacy rights. Moreover, the leak could erode public confidence in official data handling,” the research team explained.
Swift Response and Mitigation Steps
The Lietvaris developers, Latvian software firm ZZ Dats, promptly secured the exposed Elasticsearch cluster within 24 hours. They have also initiated an internal investigation. We are still awaiting an official comment from ZZ Dats.
Credit: Cybernews
To prevent future incidents, researchers recommend these crucial steps:
- Immediate Server Securing: Restrict public access and implement authentication for all Elasticsearch instances.
- Compliance Review: Assess compliance with EU data protection laws (GDPR) and report any violations.
- Investigation & Disclosure: Conduct a thorough internal review to identify the root cause and notify affected individuals if necessary.
- Encryption & Access Controls: Implement encryption (both at rest and in transit) and enforce strict role-based access controls.
- Monitoring & Alerts: Implement continuous monitoring to detect unauthorized access attempts.
