TIRANA, Dec. 22 – A massive data breach with sensitive information on the salaries and personal information of 637,138 residents working in the private and public sectors has raised alarm bells among Albanian law enforcement, political representatives and residents.
The Tirana Prosecutor’s Office is investigating the leak that appears to have come from the tax administration in the form of a spreadsheet file containing detailed data on people who file taxes in Albania, including foreign citizens.
The leaked file has been circulating online, mostly through the WhatsApp instant messenger. Several Albanian media outlets said they had come in possession of the leaked database.
The file contains the full names, ID numbers, monthly salaries, positions, and employer names for the month of January 2021, according to media reports.
Experts said the two institutions that have the data — the Tax Directorate and the Social Insurance Institute — are likely to now become the focus of the investigation.
The government reacted through its spokesman, Endri Fuga, calling the leak “criminal,” but offering no explanation on the data’s origin.
“Preliminary analyses clearly show that there has been no digital export of the payroll database for the period January – April 2021 in the fields of the document issued” and that this document turns out to be a “union of several different pieces,” as some formulations do not correspond to the official format, Fuga said.
The Ministry of Finance has been ordered to prepare a report for prosecutors.
President Ilir Meta said the leak was a “flagrant violation of human rights, freedoms and human dignity, of laws and of the Constitution” and described it as “a repeated case of lawlessness.”
This is the second massive leak of Albanians’ personal information, following the distribution of the ruling Socialist Party database containing personal information of nearly a million Albanian voters as well as their political leanings ahead of the April 25 elections.
Criminal investigations are pending on how the data moved from the civil registry to a political party to use in the electoral campaign.
The Socialists defended their practices at the time, while Prime Minister Edi Rama said they had not done anything illegal and that the sensitive social security unique numbers the list contained were not really confidential.
That stance is contrary to international best practices on data protection, experts note, and the issue did come up as a major concern in reports of international observers on the April 25 elections.
The main opposition Democratic Party said it was convinced that this second leak is tied to the first, and is part of a grand strategy of the ruling party to use sensitive information for electoral purposes.
“Salaries and sensitive data of citizens are now in the market, in the hands of criminals,” said DP MP Enkelejd Alibeaj, calling it a “scandal of extraordinary proportions” — a result of Prime Minister Rama’s mismanagement.
