Contradicting some commercial officials and experts who downplayed fault for recent cyber attacks, State Comptroller Matanyahu Englman on Tuesday said they serve as proof that the country is still broadly unprepared.
Despite years of warnings and a spike in successful mega hacks of Israeli institutions since December 2020, Englman said at an Eilat conference on the media that Israel is not ready and that “the recent hacking of the website Atraf harmed the fundamental right to privacy.”
He added that the combination of the LGBTQ Atraf dating site attack in recent days and the hack “against Hillel Yaffe Medical Center [earlier in October] prove that Israel is not prepared for cyber attacks.”
Also, Englman said that the problem is worse than people realize because the vast majority of those hacked never complain to the police or the Israel National Cyber Directorate.
The state comptroller said it was not even clear if the police would actually be able to absorb and follow up on cyber attack complaints if more individuals and companies filed complaints as they should.
Rather, he said that one 2019 survey found that there had been 245,000 cyber crimes, including shaming, sexual harassment, hacking and other issues, with 87% of victims failing to complain.
In May 2020, the comptroller issued a report finding that around 4.5 million citizens details, including facial pictures, are not sufficiently protected from misuses or outside hacking.
The problems highlighted by the comptroller related to the Transportation Ministry database for drivers licenses as well as the private sector database for smart bus cards.
The report said that the databases are “defined as a database with a high danger” of being misused or hacked.
Despite the warning, multiple major bus companies were hacked this past week by the group Black Shadow.
In the May 2020 report, Englman had said that none of the databases he had reviewed had sufficient protections for privacy or from outside hackers and that those in charge did not even have comprehensive information with which to assess the protections.
Of the 4.5 million smart bus cards, he noted that it was especially problematic that over 1 million children’s identities and facial pictures were potentially exposed.