Between October 29 and November 2, 2024, certain individuals gained access to a search index that contained a small portion of data duplicated from the Unified Municipal Information System. Immediately after the issue was detected, on November 2 of this year, the necessary steps were taken to configure the system’s security and implement measures to prevent further unauthorized access.
This incident directly affected 42 Latvian municipalities (excluding the Riga City Municipality). An analysis conducted by security specialists indicates that certain individuals had access to data regarding employees of some municipalities (first name, last name, department, position, email address, phone number), personal data of residents of the municipalities (first name, last name, personal identification number, registered address), as well as descriptions (metadata) of document files in the records of certain municipalities.
It is important to emphasize that the document files stored in the system were not affected by the incident and were not unlawfully obtained. During the incident, no data in the system was altered or deleted, and data integrity was not compromised, meaning that municipalities can safely continue using the existing system, thereby ensuring the provision of services to residents.
Edžus Žeiris, Director of “ZZ Dats”: “This is a serious incident, and we are treating it with the utmost responsibility; we are collaborating with CERT.LV, Latvia’s leading cyber incident response institution, in resolving and analyzing the incident. The incident has not had any direct consequences for residents of the municipalities, as no data containing, for example, passwords, banking information, or similar details was copied.”
This is a statement in accordance with the requirements of the European Union’s General Data Protection Regulation; work on analyzing the incident is ongoing, and further information will follow.
Additional information:
Edžus Žeiris
Email: edzus.zeiris@zzdats.lv
