Four suspected of selling personal details of thousands of IDF recruits

Cell which consisted of two soldiers and two civilians, operated for three years and sold information to marketing companies.

IDF soldiers of the Golani Brigade train for scenarios involving enemies similar to Hezbollah. (photo credit: IDF SPOKESPERSON'S UNIT)
IDF soldiers of the Golani Brigade train for scenarios involving enemies similar to Hezbollah.
(photo credit: IDF SPOKESPERSON'S UNIT)
The personal details of hundreds of thousands of IDF conscripts were hacked and sold to outside parties over the course of several years, Israel’s Privacy Protection Authority revealed on Sunday.
According to a report by the authority, two civilian contractors in the Meitav unit were assisted by two soldiers in the unit which had access to the IDF’s recruitment system including information about the recruits such as contact details, the number of children in their families and their designated role in the army.
The suspects, who targeted recruits born from 1988-1993, pretended to be from the “Center for Discharged Soldiers” or “Counseling and Guidance for Discharged Soldiers” and offered them various services and products.
The four suspects developed a computer program that stole the contact information of the recruits and their relatives. They then sold the data to marketing companies.
The suspects successfully carried out the scam between 2011 and 2014. But the large volume of complaints from demobilized soldiers and their families about suspicious unsolicited marketing calls led the Justice Department to open an investigation. Seized computers and interrogation records of those involved were turned over to the cyber department of the State Attorney’s Office.
According to Israel’s Privacy Law, personal data may only be used with the consent of the individual for the sole purpose for which it was given.
The authority has recommended indicting the suspects for violation of privacy, conspiracy, bribery and hacking, and illegally distributing privileged documents.
Privacy Protection Authority director Alon Bachar stated that when people are obliged to unwillingly hand over personal details, the body controlling the data has “an increased public duty to guard their privacy.”
“We recognize, unfortunately, that in organizations where there is supposed to be increased awareness of the importance of protecting sensitive information, there is insufficient compliance with the law in the field of protecting personal information,” Bachar said.
“When information is gathered from people by law, as part of their military service, and not voluntarily, the organization has an increased public duty to protect their privacy. The Privacy Protection Authority views with particular severity offenses against minors, as happened in this case, and will continue to enforce the law wherever the illegal trade in personal information takes place,” he added.

Hagay HaCohen contributed to this report.