The Romanian Electoral Authority (AEP) was affected by a cybersecurity incident, but the director Toni Greblă avoids calling it a breach. Data were leaked for 1,300 individuals from the body of electoral experts, including their address and personal identification number.
The information leak was reported on Friday to the National Supervisory Authority for Personal Data Processing.
Election experts are the ones who take voters' identity cards and verify if citizens have the right to vote when entering a polling station.
The personal information of these experts could have been accessed through an unsecured email, as confirmed by the president of AEP, Toni Greblă, for Hotnews.
"Wednesday evening until Thursday morning at 2 o'clock, the AEP staff was engaged in counting and verifying the signatures from the candidates for the European Parliament elections. The last candidate submitted the documentation at 11:00 PM on Wednesday night. Thursday morning, because we have a very tight schedule in which we need to carry out a multitude of activities, one of the activities was to send the list of electoral experts to the field. We send the list to all counties through secure emails," explained Toni Greblă.
Due to a "mistake" in one county, the list was not sent through the secure email, but through another email.
"For about an hour, it was displayed and could be accessed from this email. Approximately 30-35 people, some entered twice, were able to see the list. We do not know if screenshots were taken or if only the page was accessed," specifies Greblă, who announces an internal investigation and avoids speaking of a security breach.
"It is not a security breach, the names are public, only personal data was not public. The personal identification number and address appeared. We believe that this email was accessed by those interested to see if they are on the list. I don't think anyone took a screenshot to use personal data. I have the obligation to notify the Personal Data Protection Authority."
The excuse is an overload of the staff, because "we are all humans."
"There was an overload of the AEP staff, we stayed until 2:30 AM on the last day of candidate submissions. Maybe the candidacies should be submitted by 5:00 PM. Again, we regret this incident. It is an unfortunate event, I don't think it has a major impact," said Toni Greblă.