Data breaches and cyber attacks are increasingly common in south-eastern Europe. One of the most recent examples is a data breach from Albania, which compromised the personal data of several thousand Albanian citizens. This is also not the first data breach in the country; a similar incident occurred shortly before the April elections. Such events require the review of existing measures to protect personal information, improve cybersecurity strategies and understand the role of the different sectors involved in data protection.
By the end of this month, a database containing “private information on … wages … positions, employer names and identification numbers of approximately 630,000 [Albanian] citizens, public and private sectors ”have started to circulate online, reports Balkan Insight. A similar database, which contained “private information and comments on political preferences,” was released in April.
The leaked data itself can be sold on the black market “between $ 1 and $ 5 per record, depending on the information held” from each person, leading to identity theft, according to Exit News Albania. The data can then be used to access personal accounts and social media, or “by private companies who wish to target individuals for the purposes of advertising, surveillance, social media targeting, etc.”
Data subjects are at risk as long as the data is freely available. Fabian Zhilla, a Tirana-based security expert, told Balkan Insight that with these data breaches, “the public is losing trust in public institutions and the loss of trust is directly related to the cooperation citizens should have with them. the institutions”. If this threat is not addressed, “citizens will be exposed and blackmailed, including employees of important state institutions”.
An IT expert told Exit that Albania “must renew the identity documents of all people if it is to create trust in public institutions, despite the enormous costs associated”.
Enri Hide, security expert and professor at the European University of Tirana, called the leak an “open threat to national security” and added that it “shows weaknesses in Albania’s cybersecurity infrastructure [and a] absence of an intervention plan in such cases. The consequences have implications not only for the population, but also for the private sectors, the military, national intelligence and security. “Cybersecurity must be taken seriously [via new strategies and] a clear protocol of what should happen if we have such leaks, ”says Hide. Although the country has cybersecurity strategies, there are still gaps to be filled – including the lack of a firm response to the leak – and the data breach demonstrates the urgency of the need to address these gaps.
Various representatives of the Albanian government provided comments on the matter. The opposition Democratic Party condemned the “extraordinary scandal” and accused the socialist government of failing to protect citizens’ private data, while Prime Minister Edi Rama called it “an attempt to confuse and promote ‘instability”. During this time, there is no firm response to the data leak yet. Instead of focusing on their disagreements, Albanian political groups should instead focus on the causes of this data breach and the possibilities of other forms of attack and protect the country against further data breaches.
There is not a single factor that creates cybersecurity gaps in the country, but points to consider include the level of cooperation between national institutions dealing with these issues, current strategies and the development of cybersecurity in the country. neighboring countries. Given the levels of connection between Albania and its regional partners, in part due to globalization, any vulnerable link in one country can put the rest of the region at risk. Even though Albania has more robust cybersecurity strategies than its neighboring countries, it is still in danger. Therefore, one potential solution to data leakage in Albania is to increase cooperation and strategies among countries in the region. This allows cooperation on similar goals and the advancement of stronger strategies that can be promoted and revised as needed. In addition, cooperation between national institutions and the public and private sectors will be beneficial to promote and further develop cybersecurity strategies, such as the 2020-2025 plan.
Zhilla also suggests creating “a commission. . . at ministerial level, perhaps with Parliament’s request to better assess the protection protocol, the measures linked to the status quo of the infrastructure that official institutions now have to protect personal data.
These strategies will not protect Albania or South Eastern Europe from data breaches, but where appropriate, they would serve as additional preparedness and mitigation measures.
These data breaches have consequences, not only for national security, but for Albanian society as a whole. The effects of leakage on the public and private sectors require further cooperation between these sectors, as well as with national agencies working on these issues. This cooperation will enable coordinated responses to mitigate data breaches, protect citizens’ data and assess risks to understand what needs to be done.