Overview
Albania has suffered a cascade of data exposures since 2021 affecting millions of citizens. These breaches span two distinct categories: insider leaks (voter and salary databases, likely from political actors) and state-sponsored attacks (Iranian HomeLand Justice, compromising government systems). Both categories implicate AKSHI — the agency that also built Diella, the AI anti-corruption minister.
| Year | Incident | Records Affected | % of Population |
|---|---|---|---|
| 2021 | Voter database leak | 910,000 | ~33% |
| 2021 | Salary database leak | 637,138 | 22% |
| 2022 | Police suspect database (Iranian attack) | ~100,000 | — |
| 2022 | Government official emails (Iranian attack) | Ministers + PM | — |
| 2022 | Intelligence agency employee data | SHISH employees | — |
| 2022 | Citizen phone numbers and IDs | Mass leak | — |
| 2024 | INSTAT census data (claimed) | 100+ TB claimed | — |
Incident 1: Voter Database Leak (April 2021)
910,000 Voter Records — ~33% of Albania’s Population
A Microsoft Access database containing records for 910,000 Albanian citizens was leaked to media. The records were reportedly provided to the Socialist Party for electoral campaign targeting.
Data exposed per record:
- Full name and national ID number
- Phone number
- Voting center and birthplace
- Residence codes
- Employment information and employer names
- Tax data
- Emigration status and destination countries
- Political affiliation predictions
- “Patronage” assignments (party officials assigned to monitor individual citizens)
Government response: AKSHI (listed as ANA in 2021) denied involvement, claiming e-Albania “at no time stores, administers or processes citizens’ data.”
The database contained political affiliation predictions and patronage assignments for one in three Albanians. This is not bureaucratic negligence — it is the architecture of political surveillance.
Incident 2: Salary Database Leak (December 2021)
637,138 Salary Records — 22% of Albania’s Population
A spreadsheet containing salary and employment data for 637,138 Albanian citizens was distributed via WhatsApp. PM Edi Rama publicly apologized, stating it “looks more like an internal infiltration rather than an outside cyber-attack.”
Data exposed per record:
- Full name
- National ID card number
- Salary amount
- Job position and title
- Employer name
Experts recommended renewing all citizen ID numbers as the only remediation. There is no public record of this recommendation being implemented.
Incident 3: Iranian HomeLand Justice Attack (2022–2024)
State-Sponsored Attack — AKSHI, Parliament, Police, Intelligence
Iranian state-sponsored hackers operating as “HomeLand Justice” (MITRE ATT&CK C0038) breached Albanian government systems via CVE-2019-0604 (Microsoft SharePoint). Initial access was established May 2021 — 14 months before the destructive attack. The attack was officially attributed to Iran’s Ministry of Intelligence and Security by the FBI, CISA, NATO, and UK NCSC.
Data Leaked via Telegram
| Dataset | Volume | Content |
|---|---|---|
| Police suspect database | ~100,000 records / 1.7 GB | Photos, ID numbers, names, DOB, nationality (from MEMEX system) |
| Police Chief dossier | 47 pages | Personal data + border crossing records |
| Minister email mailboxes | Interior + Defence Ministers | Official correspondence |
| PM Rama correspondence | Communications with citizens | Personal communications |
| SHISH (Intelligence) employees | Full employee list | Names, emails, phone numbers — Albania’s intelligence agency staff |
| Citizen phone/ID data | Mass leak | Name, birthplace, phone, ID card number |
| INSTAT census data (2024) | 100+ TB claimed | GIS data, census records |
Albania severed diplomatic ties with Iran on September 7, 2022 in direct response to the attack — the first time a nation had severed diplomatic relations over a cyberattack. NATO condemned the attacks. The United States Treasury Department sanctioned Iran’s Ministry of Intelligence and the Intelligence Minister personally.
Active Leak Channels (Still Live as of January 2026)
| Channel | Platform | Members | Status |
|---|---|---|---|
| @justice_homeland | Telegram | 13,600+ | ACTIVE |
| @JusticeHomeland1 | Telegram | Unknown | ACTIVE |
| homelandjustice.ru | Web | — | ACTIVE |
| justicehomeland.org | Web | — | ACTIVE |
The HomeLand Justice channels continue to distribute Albanian government data as of the writing of this report. Data sources claimed on the channel include: E-Albania, TIMS (border/immigration), MEMEX (police database), Credins Bank, and AMC (Albanian Mobile Communications).
Incident 4: Parliament & Telecom Attack (December 2023)
Albanian Parliament systems and One Albania (telecom company) were attacked in December 2023. AKCESK (National Authority for Electronic Certification and Cyber Security) confirmed the attacks. HomeLand Justice claimed deletion of 2 petabytes of telecom data and launched the #DestroyDurresMilitaryCamp campaign on December 24, 2023.
Pattern Analysis
Four characteristics define Albania’s data exposure pattern:
- AKSHI is the common thread. Both the insider leaks (voter/salary data from government registries that AKSHI manages) and the Iranian attacks (which directly targeted AKSHI) implicate the same agency.
- Insider vector dominant for PII leaks. PM Rama’s own characterization of the salary leak as “internal infiltration” matches the political nature of the voter database (shared for electoral use). These are not external hacks — they are institutional data weaponization.
- Sensitive political data was the primary target. Patronage assignments, party affiliations, intelligence employee lists, and minister correspondence were all exposed. This is surveillance infrastructure, not merely administrative records.
- No remediation at scale. The voter and salary databases exposed national ID numbers for over half the population. The recommended remedy (reissuing all IDs) was never implemented.
Sources
- Exit.al — The Leak of 910,000 Albanians’ Personal Data
- The Record — 637,138 Albanian Salary Records Leak
- Balkan Insight — Massive Data Leaks in Albania
- Infosecurity Magazine — PM Apology on Data Leak
- Transparency International — Albania Data Breach Alarm
- Security Affairs — December 2023 Parliament Attack
Note: For the full HomeLand Justice technical analysis including malware attribution, attack timeline, and MITRE ATT&CK campaign data, see the Iranian Cyberattacks report.
Documented: January 2026 — ODINT Albania Investigation