The personal details of hundreds of thousands of army recruits were taken from IDF servers and sold to outside parties, a report by Israel’s Securities Authority revealed on Sunday.
According to Hadashot news, the investigation by the ISA found that soldiers and civilian contractors in the Meitav unit, which handles recruitment administration, accessed the files of thousands of incoming IDF soldiers between 2011 and 2014.
The four suspects hacked the data by developing a computer program that combed the IDF’s files for the contact information of the recruits and their relatives, which they then sold to marketing companies and other third parties.
In recent years, soldiers complained of receiving unsolicited marketing calls from groups claiming to offer assistance to soldiers, and offered them various products and services at a discounted rate.
Some of the soldiers had expressed concern that the telemarketers knew sensitive personal information about them, such as possession of a foreign passport.
The group carried out the scam undetected for a number of years, but the increasing number of complaints prompted the Justice Department investigation.
As part of the investigation, the homes of the suspects were searched by police, and their computers were confiscated. All four were interrogated by police.
The ISA transferred its findings to the cyber unit at the State Attorney’s office, noting the scammers had likely broken a number of privacy laws.
Alon Bachar, the head of the ISA’s Privacy Protection Unit, said the privacy measures within the IDF were insufficient.
“When personal information is gathered from people as part of their military service, and not voluntarily, [the army] has a public duty to protect that privacy.”
He said the ISA was treated the investigation with “great severity,” because a number of the victims were under the age of 18.
The IDF did not comment on the report.