Reuters from Kiev reported that the government job portal https://career.gov.ua/ published PII (Personally Identifiable Information) of Ukrainian Nationals, which included passport scans, and diploma and graduation certificates among other documents. These documents were submitted by citizens who registered on the portal for job searches in the government sector. However, the National Security and Defence Council (NSDC) is yet to confirm whether it was a targeted cyberattack or a human error.
On January 16, 2020, Office of the Ombudsman of Ukraine published a Facebook wall post that said, “A possible leak of personal data of citizens who registered on the site https://career.gov.ua/ with the aim of passing a competition for government service was identified. A copy of the passport and other scanned documents that users uploaded to the Unified Vacancy Portal for public service are in free access.” The Ombudsman’s Office first received a complaint about the data leak by an activist of the Ukrainian Cyber Alliance, a non-profit Ukrainian cyber community.
The NSDC of Ukraine held an emergency meeting of the working members to discuss the cause, effect, and measures to be taken by the state resources in connection with the leak of data from the Unified Vacancy Portal. Later, NSDC stated that its cybersecurity experts had identified the vulnerability and secured the portal.
Some Ukrainians said that they won’t be surprised if a loan is accidentally taken in their name while others questioned the government’s stand and preparedness on cybersecurity and digitalization.
Ukraine and its institutions have been victims of multiple cyberattacks in the recent past. As per a study by the tech firm Comparitech, Ukraine ranks 10th least cyber-secure out of 60 countries researched. The Ukraine Cyber Police Department has been working overtime to curb and nab the miscreants. Just before the new year, the Ukraine Cyber Police department arrested a cybercriminal hacker group (including three Ukrainians and one foreign national) from the Kharkiv region that was responsible for hacking more than 20,000 servers of private organizations around the globe.
The hacker group, which had been active since 2014, targeted organizations mainly from Ukraine, Europe, and U.S. regions. From the hardware and other physical and virtual property confiscated during the raid, the officials learned that hackers sold the hacked server credentials and access points to various customers around the world. These servers were also used to create botnets for mining, DDoS attacks, installing software command centers with viruses, and turning them into weapons for brute-force attacks.