Personal information — including names, home addresses, dates of birth, ID numbers and mobile phone numbers — of more than 4.9 million Georgians, including deceased citizens, was published on a hacking forum over the weekend, ZDNet reported. For context, Georgia’s population is about 3.72 million.

It is unclear where the leak originated. Initially, ZDNet had reported that this leak came from the country’s Central Election Commission (CEC), but the CEC denied the claim since it doesn’t store information about deceased citizens, or voters’ father’s name, telephone number or ID number. It also said that the format and structure of the leaked database does not match CEC’s.

Georgia has fallen prey to major cyber attacks a few times in the past, mostly at the hands of Russia:

  • In October 2019, over 15,000 Georgian websites had been defaced in a massive cyber attack that affected websites of government agencies, banks, courts, and media. The hackers had breached the network of a local web hosting provider. The UK’s National Cyber Security Centre and the US Department of State had later blamed Russian General Staff Main Intelligence Directorate (GRU) Main Centre for Special Technologies (GTsST) for the attack.
  • Between July and August 2008, before the Russian invasion of Georgia, a number of cyber attacks were carried out against Georgian media’s servers, its oil pipelines and internet traffic in general. Even then, the aim had reportedly been to inconvenience the average Georgian internet user. The Russian government had denied being behind the attack, but had said that “individuals in Russia or elsewhere had taken it upon themselves to start the attacks”. At that time too, the attack was eventually linked to GRU.