A massive data leak has left sensitive personal information of millions of Georgian citizens exposed to potential misuse, according to a report by Cybernews. The breach involved an unprotected Elasticsearch index hosted on a server owned by a Germany-based cloud service provider. The database was discovered by cybersecurity researcher Bob Dyachenko of SecurityDiscovery.com and the Cybernews research team before it was mysteriously taken offline.
The leaked data contained a wide range of personal details, including ID numbers, full names, birth dates, genders, certificate-like numbers (possibly insurance information), and phone numbers with descriptive data about their owners. In addition, the database reportedly included over 1.45 million car ownership records.
The total number of exposed records significantly exceeds Georgia’s population of four million, suggesting duplicate entries or the inclusion of deceased individuals in the dataset. Cybernews suggests that the data may have been aggregated from multiple sources, such as government or commercial records.
Part of the exposed data appears to be connected to a 2020 data leak but contains additional sensitive details, among them 7.2 million citizen phone records. Both the source of the data and the entity responsible for managing it remain unknown.
Although public access to the database has been closed, experts warn that the information may already be in the hands of malicious actors.
Dyachenko emphasized the severe risks posed by this data breach, particularly in Georgia’s current geopolitical climate. “Threat actors can weaponize personal data for political manipulation, disinformation campaigns, or criminal activities,” Dyachenko told Cybernews.
The leaked information could enable identity theft, fraud, and targeted harassment. In a politically polarized region, the misuse of such data could further destabilize trust and create new avenues for disinformation.
The breach underscores the need for robust security measures, including encryption and authentication protocols, to prevent unauthorized access. The researchers also highlighted the complexities of cross-border data protection and the challenges in holding responsible parties accountable.
“This leak highlights the urgent need for better data security practices,” Dyachenko said, adding that affected individuals should remain vigilant for identity theft and fraud attempts.