Data leak

State television LTV1 reported in its investigative program De Facto that representatives of a hackers' group calling themselves the Fourth Awakening People's Army (4ATA) had accessed more than seven million documents from the State Revenue Service (VID) database.

The files contain information on income levels, wages, tax payments and personal numbers of the country's top officials, including the president of Latvia, Valdis Zatlers. There are also many private companies and ordinary taxpayers on the list, according to the report broadcast Sunday night.

A security hole in the electronic declaration system enabled 4ATA to download confidential files for about three months in 2009. VID spokesperson Agnese Grinberga said that an internal investigation has begun.

"The State Revenue Service confirms that the incident happened," Grinberga said. "When we detected that there was a bug in the program that allowed citizens' tax data to be downloaded, we fixed it on the spot. At the same time, we informed the police about the stolen data."

Potentially dangerous data use

VID has already apologized to Latvia's taxpayers for failing to ensure the confidentiality of their data. But that doesn't improve the situation for numerous institutions, public enterprises and large private companies. Rimi Latvia - which operates around 100 supermarkets in the country - is also on the list.

"Of course, we are in shock because we never expected that it would happen," said Rimi representative Zane Enina. "The main worry at the moment is that all the data about our employees could be available." This included full names, personal identification information and salary levels.

"If a competitor wants to find out what positions we have, how much we are paying for those positions and who are the persons working there, they can easily do that if they have such data," Enina said. "This is very dangerous."

Although Britain-based 4ATA has claimed responsibility for the leak, the identities of the persons holding the data are unknown. Dana Muceniece from the Latvian Taxpayers Rights Association said that's the main concern.

"We don't know whether anyone has incurred losses so far," Muceniece said. "If the data is used maliciously, then there will be court proceedings. I also think that in such a case, the institution will have to pay for its mistakes."

An insider job?

All in all, some 120 gigabytes of documents are in the hands of third persons. There are several theories circulating in local media about how the incident might have occurred. It is alleged that a highly placed civil servant within the VID was involved.

"It is still too early to make any judgments about who is to blame for the bug in the program," said computer security expert Valdis Diesters. "We hardly have any information about it. To tell you the truth, the amount of the downloaded data amazes me. It is a vast quantity to download from the internet."

There has been a sharp response from politicians. President Zatlers expressed strong criticism of the VID. Prime Minister Valdis Dombrovskis said he wants to see a thorough review of security for all information technology systems within the state administration.

The groups' activists have announced that they are fighting for "a better future for Latvia." They said they intend to publish the names of tax offenders, as well as information on suspicious deals involving state officials.

Author: Gederts Gelzis (sac)
Editor: Andreas Illmer