An Israeli government contractor is suspected to be behind a leak that led to the personal details of every single citizen in Israeli being posted on the internet, the country's Justice Ministry has revealed.
The Israeli Law, Information and Technology Authority (ILITA), which investigated the case, found the data was leaked in 2006 by a person contracted to the Ministry of Welfare and Social Services, LITA said in a statement on Tuesday. The employee had access to the country's Population Registry through that job, the data protection agency said.
"The damages caused by the illegal use of data... span all areas of life and they must be assessed, and I hope the criminals will be prosecuted to the full extent of the law," ILITA head Yoram Hacohen said in the statement.
The personal and family details of over nine million people, some of whom are now dead, were contained in the database. The sensitive details included information on family relationships, addresses, dates of birth and personal identification numbers, among other details.
The contractor kept the database on a computer at home and used official bulletins to keep it updated. After being dismissed by the ministry, the contractor gave the data to a business client, who also stored the details on his own computer.
After that, the data changed hands several times over many months. It fell into the hands of a developer who created software called Agron 2006, which could be used to perform sophisticated queries on the data. The database was eventually uploaded to the peer-to-peer networks by a man named 'Ari', who used IP masking and other methods to try to keep his identity hidden, ILITA said. Undercover agents from the agency have endeavoured to remove copies of the registry from the internet, Haaretz said.
ILITA began its investigation in 2009, mapping potential leak trails, and analysing the Agron 2006 software. During the course of the investigation, ILITA found a stolen copy of the Adoption Registry of the Jerusalem and Tel Aviv Districts in one of the suspect's houses.
Over the course of the investigation by Israeli authorities, six people were arrested, including the former government employee and 'Ari'. All six are barred from leaving the country, according to the Jerusalem Post.
The suspects defended their actions to Ynetnews, saying that the database was so widely used that they did not realise it was illegal to have a copy.
In June, an Israeli parliament meeting authorised protocols for establishing a biometric database. Security experts and civil rights groups have questioned the planned database, saying it could be open to abuse. People's biometric information, such as fingerprints, cannot easily be replaced or renewed if compromised.
Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.