25 Million Records Leaked in Latvia

Researchers have uncovered a massive data breach in Latvia, where 25 million records, including citizens’ names, national identification information and home addresses, were stored on open Elasticsearch servers.

• The leak occurred due to a vulnerability in the Lietvaris document management system, which is used by Latvian government agencies to process citizen applications. Researchers found that the data was available to the public without protection. The leak contained sensitive information that could be used for identity theft and fraud. The open server will be shut down within 24 hours and an internal investigation will be conducted.
• Lietvaris is used by both government agencies and businesses that store large amounts of data. Such a breach poses a serious threat because the exposed information can be automatically collected by cybercriminals. A breach of this magnitude is particularly dangerous in light of the increasing number of cyberattacks and attempts to use personal data for phishing campaigns and financial fraud.

More stringent security management of public platforms and GDPR compliance are needed. Cybersecurity experts recommend that organizations secure their servers, restrict public access, implement encryption and multi-factor authentication, and regularly scan their systems for vulnerabilities