Lands Authority website had major flaw that allowed clients to be indexed

The development of the Lands Authority website suffered a major flaw that allowed the data of applicants and clients to be indexed, and subsequently available publicly.

Personal information of clients serviced by the Lands Authority ended up in the public realm after a website fault allowed the data to be accessed through the internet. The breach was flagged on Friday by the Times of Malta and Shift News that claimed the personal data of some 5,000 Lands Authority clients was accessible by a simple Google search.

The data breach included identity card details, e-mail correspondence and affidavits.

A source in the Lands Authority told MaltaToday that the LA was of the opinion that there was no security breach. "All applicants would sign a consent form allowing their information to be part n the public domain, as is the case with the Planning Authority. This does not justify the website flaw, but it does remove any data protection concerns."

MaltaToday is still awaiting answers from the LA as to what type of investigation is being carried out on the problem.

“The website was pulled down immediately the problem was flagged. The technical problem has been identified as a flaw in the website design, which appears to have been there since the start,” an LA spokesperson said yesterday. He would not elaborate but insisted all technical and legal advice was being taken to protect clients and the authority.