Incident

Georgian citizens' personal information leaked in exposed Elasticsearch database



A significant data leak has been discovered exposing Georgian citizens' personal information stored in an unsecured Elasticsearch database. The breach was identified by cybersecurity researcher Bob Dyachenko of SecurityDiscovery.com in collaboration with the Cybernews research team.

The database was hosted on a German cloud service provider's server and contained multiple indices of sensitive personal information. The first index contained approximately 5 million personal data records. The second index contained over 7.2 million phone records with associated personal information and an additional 1.45 million car owner details.

The exposed information includes:

  • Full names
  • ID numbers
  • Birth dates
  • Gender information
  • Certificate-like numbers (potentially insurance-related)
  • Phone numbers with descriptive details about the owners
  • Car ownership details

The breach appears to be connected to a previous 2020 data leak, with the current dataset combining that information with additional phone and vehicle records. The database was discovered unprotected and publicly accessible. It was quickly taken offline after discovery.

There is no information about the entity responsible for managing the Elasticsearch index. This complicates enforcement of data protection laws and makes it difficult to provide proper recourse for affected individuals.

The server has been taken offline and public access to the exposed data has been restricted. However, it's unclear how long the data was exposed before discovery and who may have accessed it during that time.
