If Meitav's Website Was Hacked - the Breach Was Almost Inevitable
The breach of IDF’s Meitav website was almost inevitable, in light of inadequate attention to the need to protect sensitive personal information and the lack of supporting legislation in Israel
In light of the fears that Meitav, the IDF website for new military recruits, was hacked, Dr. Tehilla Shwartz Altshuler, Senior Fellow and Head of the Democracy in the Information Age project at the Israel Democracy Institute said today (Sunday): “… the breach was almost inevitable, since not enough attention is given to the need to protect sensitive personal information, and due to the lack of legislation in Israel to protect privacy.”
Shwartz Altshuler added that “currently the IDF and other governmental bodies are not sufficiently aware of the ability to use personal information, the significant economic value of such information and the significant motivation for its theft, along with the fact that some sources of information are exempt from the Privacy Law. This lack of awareness underlies the current situation in which data storage systems are not programmed in a way that is sufficiently secure, nor do they have the capacity to send out warnings on the downloading and transfer of data sets. Such warnings might prevent the current situation of data theft. The current incident is only a preview of what will happen when information is leaked from the biometric database with such leaks enabling identity theft to an unprecedented extent, or the health databases sold all too casually by the state to every start-up company.”
Shwartz-Altshuler recommends significantly minimizing the amount of data the state collects on its citizens, in light of the likelihood of its theft or its use in an abusive way. In addition, it is essential to plan data storage systems, in such a way that will make data theft difficult by implementing using a hierarchical authorization system and creating a system that will send out a warning in cases of irregular or deviant t downloading of information. Finally, government organizations and citizens alike must be made aware of the importance of protecting personal information, so that this awareness guides everyday acts of r sending or receiving data. We must understand that any information transmitted today for one purpose can be used in the future by other systems or organizations ---for new and different purposes.