According to InfoWatch's data, local municipal authorities and related organizations suffered 30% more data breaches YoY worldwide, with the share of intentional leaks having increased from 42% to 53%. The share of municipal organization data breaches triggered from outside almost doubled YoY from 26% to 41%, while the share of leaks through employees’ fault went down from 64% in 2017 to 50% in 2018. When it comes to leak breakdown by data type, personal data leaks still prevail accounting for 82% of all cases; at the same time, the share of compromised payment details increased 1.5 times to reach 13%. This is a digest of data leaks from municipal organizations, as prepared by InfoWatch Analytics Center.
As a result of the largest regional data leak, the voting records of some 14.8 million Texas residents were left exposed online, with a database cache being eventually discovered by a data breach hunter. Compromised records contained a wide variety of personal details, even listing who residents voted for and which parties they affiliated with.
Also in Texas, a coding error in a portal of the Employee Retirement System potentially exposed information on nearly 1.25 million of its members. Before the issue was cured, any portal user could modify the search and see information of other people, including the first and last names, Social Security numbers, and ERS member identification numbers.
The 12-digit numbers issued by Unique Identification Authority of India (UIDAI) and being mandatory for using key services like SIM card registration and bank accounts were compromised on the Andhra Pradesh Benefit Disbursement Portal, hitting almost nine million citizens. Remarkably, the Aadhaar data exposure by AP government website came just a day after the data of 134,000 citizens in the state was found to have been compromised. The data leak revealed their 12-digit Aadhaar number along with their religion, caste and bank details.
The Ontario Progressive Conservative Party’s internal database has been hacked in Canada. The database contained the names, phone numbers and other personal information of over a million eligible voters in the province, as well as party supporters, donors and campaign volunteers.
Still quite often malicious employees of municipal organizations abuse their access to information systems to use other people's data for personal gain. Thus, a clerk inside the California Department of Motor Vehicles who was accused of using her computer access to commit bank fraud and identity theft that involved more than 100 victims and a loss of more than $77,000 was sentenced in federal court in Sacramento to three years and three months in prison.