The Privacy Protection Authority received 108 reports concerning serious security incidents in 2021, according to its annual report

Illustration. BIGSTOCK / Copyright: Thapana_Studio

Throughout 2021, Israel’s Privacy Protection Authority received 108 reports concerning serious security incidents. 19% of the incidents took place in or against public bodies, 15% in insurance companies, 9% in non-tech companies, 5% in medical institutions, 2% in tech-companies, and the rest in “other” targets.

Earlier this week, this government authority – which operates as part of the Ministry of Justice, published its annual report. The 70-page document detailed the authority’s main missions and accomplishments for 2021, noting the increasing need to protect one’s privacy, as the world becomes increasingly – and exponentially – more digital.

Some of the major privacy beaches handled by the authority year were a massive breach in a political campaign management software, which resulted in leaking personal information of some 6.5 million registered voters (this was not the first time this company was breached); hacking into the servers of the Hod Hasharon municipality and encrypting residents’ data; and Maccabi HMO erroneously sending text messages containing personal medical information to the wrong recipients.

Oddly, missing from the report is perhaps the most well-known privacy-related cyber event of the year in Israel: the hacking of local website hosting company Cyebrserve (an attack attributed to Iran-backed group Black Shadow), which resulted in leaking the personal data of tens of thousands of people who were registered to the LGBTQ+ dating site “Atraf”, and unimaginable potential harm to people who are still closeted. Six months later, that website is still down.

The report also discussed at length the surveillance tools used by the Shin-Bet (ISA) to monitor the Israeli population during the Coronavirus pandemic, which ended in March 2021 after the Supreme Court ordered to reduce the usage of those tools (Another attempt at reactivating these surveillance methods came into effect in late 2021, when the Omicron variant raised concern, but five days later this was annulled).

“The struggle to protect people’s right to privacy is gaining momentum in the current era, which is a witness to technological revolutions around the world and in Israel, which is at the forefront of technological advancement,” said Minister of Justice, Gideon Sa’ar, in a statement published at the top of the report.

“These technologies have become an integral part of our daily routine, which shape our lives and influence the choices we make. This reality creates challenges when it comes to securing our privacy, including when it comes to information security, the use and processing of information, accountability, cyber risks and more.”