In a recent cybersecurity incident at Romania’s Permanent Electoral Authority (AEP), the personal data of approximately 1,300 electoral experts were inadvertently leaked. The compromised data included sensitive information such as addresses and personal identification numbers.
Toni Greblă, the President of the AEP, has been reluctant to label this incident as a security breach, despite its apparent seriousness. Instead, he described the event as an “error” that occurred due to the mishandling of an email communication. This error led to the experts’ personal data being accessible through an unsecured email for about an hour, during which time, it was accessed multiple times by 30 to 35 individuals. It remains unclear if any of the data was downloaded or captured during this window.
The leak was discovered and reported to the National Authority for the Supervision of Personal Data Processing last Friday. This body oversees data protection and is expected to take action on the matter.
Electoral experts in Romania are responsible for managing voter identification at polling stations. They verify voters’ identities and eligibility to vote, making them a crucial part of the electoral process. The leak of their personal information not only poses a risk to their privacy but also raises concerns about the integrity of the electoral process itself.
In response to this incident, Greblă announced that next week he will determine the appropriate actions to be taken against those responsible for the mistake. He noted that AEP personnel were heavily engaged in electoral activities, such as verifying signatures for candidates in the European Parliament elections, which might have contributed to the oversight.
The AEP president’s insistence that the leaked information, while sensitive, did not constitute a security breach because the names are public, has sparked further debate about the adequacy of data security measures at the AEP. Greblă mentioned that the error was due to the staff’s overwhelming workload, commenting that “we are all human,” to explain the situation.
An internal investigation is underway, and the AEP is expected to implement stricter security protocols to prevent such incidents in the future. Meanwhile, the affected electoral experts and the general public await further updates and assurances that their personal information will be better protected.