The Privacy Protection Authority (PPA) in Israel has determined Likud and Yisrael Beiteinu and tech company Elector Software broke privacy regulations in a data breach affecting about 6.5m voters.

During an election campaign in February 2020 what the authority termed a serious information security incident occurred with data appearing online.

Details which leaked included voters’ phone numbers, email addresses, physical addresses, place of voting, if they were supportive or not of a party, and the medical condition of those interested in transportation to the polling station.

Once notified of the breach, the PPA stopped the leak in a series of actions and traced deficiencies in the company’s and parties’ information security plus violations of privacy law.

The case arose from the Likud and Yisrael Beiteinu political parties utilising an app developed by Elector Software to manage the election campaign.

In its ruling, the PPA stated the use of personal information is prohibited when no valid or sufficient consent has been given by the person on whom the information was collected, or without explaining its uses.

The PPA also determined Likud and Yisrael Beiteinu conducted insufficient supervision and control in ensure Elector Software’s complied with privacy law and regulations; did not examine the information security risks involved; and did not stipulate the relevant obligations regarding information security.

In the field of voter register, political parties are required by law to secure information, the authority said.