President's Residence records of nearly 100,000 pardon applicants exposed to wartime cyber threats, report finds

Sensitive computerized information at Israel's President's Residence was not adequately protected against wartime cyber threats, according to a report released Tuesday by the State Comptroller. The audit uncovered deficiencies in cyber management, database governance, supplier oversight, email handling, monitoring, and outdated systems. The President's Residence holds sensitive data on approximately 100,000 pardon applicants, and damage to these systems could compromise privacy, the institution's reputation, and the public image of the presidency. The report highlighted that the President's Residence's information and computer systems are critical assets requiring robust protection. The substantive deficiencies in senior management's handling of information protection indicate that cyber-protection issues were not addressed appropriately for the risks faced. Specifically, the pardon database, containing sensitive information on nearly 100,000 applicants, was managed in a way that did not meet key legal requirements. The residence had not appointed an information-security officer for the databases, failed to prepare required documentation, map databases, or create an inventory of database systems. Furthermore, procedures for access permissions were not established, and automated monitoring of database access was not in operation. Since 2019, the President's Residence has used an external supplier for the pardon database's development and maintenance. However, the audit found that the residence did not adhere to Information Security Regulations in its engagement with this supplier, leaving sensitive systems exposed.