Malta’s Business Registry: A €130K Bargain Blunder

Imagine this: You’re a security researcher, eager to find vulnerabilities in systems to make them safer. You stumble upon Malta’s Business Registry, offering a whopping 1.3 million documents for just 1 cent each. You buy them all. What happens next? Let’s dive into this peculiar tale of cybersecurity, Maltese bureaucracy, and the fine print.

Meet Robert Baptiste, a French security researcher who found himself in this unusual situation. He bought all 1.3 million documents from the Maltese Business Registry for a grand total of €130,000. The catch? The registry was supposed to sell these documents at 1 cent each, not €130,000. A glitch in the system, perhaps? Or a clever marketing strategy gone awry?

Baptiste, known online as Elliot Alderson (a nod to the Mr. Robot series), wasn’t after the documents for personal gain. He wanted to test the registry’s security, to find and report vulnerabilities. But when he found himself with a massive data dump, he decided to analyze it, looking for patterns, anomalies, and, of course, security issues.

The Business Registry, located in the heart of Valletta, is the keeper of Malta’s corporate secrets. It holds information on every company registered in Malta, from tiny startups to massive multinationals. That’s a lot of sensitive data, and it’s all supposed to be protected.

Baptiste’s purchase raised eyebrows and sparked debates. Some praised his initiative, calling it a real-world test of Malta’s data protection measures. Others criticized the registry for its apparent lack of security, questioning how such a massive data breach could occur.

Malta’s Information and Data Protection Commissioner, Anthony Gatt, weighed in on the matter. “This incident highlights strong security measures in place to protect sensitive data,” he said. “We’re investigating the matter and will take appropriate action.”

Malta, like many other countries, is grappling with the challenges of data protection in the digital age. The EU’s General Data Protection Regulation (GDPR) has been a breakthrough, pushing Malta to strengthen its data protection laws. This incident, however unusual, is a reminder that the journey towards strong data protection is ongoing.

For Baptiste, the experience was an eye-opener. “I didn’t expect to find so many vulnerabilities,” he said. “But it’s also a testament to Malta’s commitment to data protection. They’ve reached out, they’re investigating, and they’re taking it seriously.”

As for the 1.3 million documents, they’re now safely stored, waiting to be analyzed. Baptiste has no plans to sell them or exploit the data. Instead, he’s working with the Maltese authorities to ensure the registry’s security is up to scratch.