Lebanon’s upcoming municipal elections, the first in a decade, could be exposed to a mass voter data exposure, as citizens must verify personal information for the Lebanese election on an ill-protected government portal.
Funded by the UNDP and EU, the Directorate General of Civil Status (DGCS) site allows anyone to access sensitive voter data using basic identifiers like district or civil registry numbers, but the platform lacks privacy policies or breach protocols for the municipal Lebanese elections 2025.
By entering basic details like district, neighborhood, and civil registry number, anyone can access the Lebanon voter database, revealing full names, gender, date of birth, religious sect, and even names of relatives with the same civil records.
The public exposure of civilians’ most sacred information is detrimentally dangerous to the country, especially after, and during, the subjection of Lebanon political cyberattacks, fired up by the Israeli 8200 intelligence unit throughout Israel’s war on Lebanon since 2023.
In 2024, in a celebration of accessing classified personal data, Israeli mercenaries-linked hacking group, “We Are ROOTK1T” revealed on Telegram its breaching operation of Lebanon’s Ministry of Social Affairs website, mocking its weak security.
ROOTK1T’s message to “Stand with Israel” threatened to leak the Lebanese government’s private database and documents, without specifying targets. A day earlier, the same Israel-affiliated group also hacked the Lebanese Parliament’s website, claiming to have breached the voter database.
“[…] no system is safe from our relentless pursuit of chaos and anarchy. We’ve exposed their vulnerabilities, revealing the incompetence of those who claim to govern,” said the Israeli-affiliated group on Telegram.
“Our message is clear: no institution or government shall go unscathed from our digital onslaught. We strike fear into the hearts of those who believe they hold power, reminding them that the digital realm is our home,” ROOTK1T’s message added.
Although the DGCS platform is funded by the UNDP and EU, it has few features such as the terms of service or privacy policy. This means that users are not necessarily sure how their data are saved, who they might be accessed by, or how they are protected in the case of a breach.
“Saving citizens, not putting them in greater danger” must be the goal, a local digital rights specialist asserted.
Weak Lebanon Cyberattack Protection Framework
The Lebanon cyber operations, with its legal framework, have proven weak in protecting civilians’ data. The current Electronic Transactions and Personal Data Law only conditions data processors to notify the Ministry of Economy, with no further obligations.
Government agencies are exempt, and the law allows broad discretion with minimal monitoring.
Moreover, there has been a national cybersecurity policy since 2019, but it largely remains inactive. Lebanon has witnessed repeated data breaches by schools, embassies, and car registries reflective of fundamental weaknesses.
EU countries, France and Germany, enforce strict laws on voter data treatment. French citizens, for example, can see their status online but only after securely logging in via an approved digital ID system, while Germany permits voter lists to be accessed only by authorized staff.
Experts and civil society groups are calling for Lebanese election to follow suit. Proposals include limiting what voter data is made public and establishing a new, dedicated law for personal data protection that applies across government and private sectors.
The upcoming Lebanese election needs a serious data privacy overhaul, starting now to not negatively reflect on the municipal Lebanese elections results.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity sections to stay informed and up-to-date with our daily articles.