Malta Tax Authority leaks contact details of 7,000 companies through email error
Learn More
The Malta Tax and Customs Administration (MTCA) is reporting a data leak that occurred on November 12, 2025, resulting in the unauthorized disclosure of company contact information to approximately 7,000 email recipients.
According to MTCA's official statement, the administration's standard protocol for bulk notifications typically involves using a secure notification portal that enables automated and controlled distribution to taxpayers and tax practitioners. On this occasion, staff deviated from the established workflow and failed to follow the standard automated process. As a result of this procedural error, a file containing sensitive company contact details was accidentally attached to outgoing emails intended for other recipients.
The exposed data includes:
- Company names
- Company registration numbers
- Tax identification numbers (TINs)
- Company status information
- Email addresses
- Phone numbers
Preliminary assessments conducted by MTCA indicate that approximately 7,000 email addresses received the attachment containing the exposed company data. MTCA formally notified the Office of the Information and Data Protection Commissioner about the incident.
Officials confirmed that they have started an internal review. The administration has committed to introducing additional safeguards and validation steps designed to prevent similar incidents from occurring in the future.
