Polish government downplays leak of military logistics data

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

The Polish government said today that a recent leak of a military database does not contain any classified or sensitive military information and that the incident “does not pose a threat to state security or the functioning of the Polish Armed Forces.”

The government’s statement today came hours after Polish news outlet Onet published a “controversial” story claiming that the leaked database could be “extremely valuable to foreign intelligence services.”

Reporters claimed they found a copy of the Polish Army’s inventory, containing information varying from the number of anti-tank missiles to the number of F-16 fighter jets and from the number of screws to laptops.

But in a statement hours after the report, the Polish Ministry of National Defense said that none of the information included in the leaked database was classified, and anyone could have obtained the same information through public records.

Officials said the leaked database was a copy of the eJIM application, a Windows app that lets military staffers manage the logistics, supplies, and inventory of the Polish Army.

Also known as the System Informatyczny Jednolitego Indeksu Materiałowego (IT System of the Uniform Material Index), officials said this data is not only public but also published by NATO as part of the Master Catalog of References for Logistics (NMCRL) database.

Poland-eJIM-leak
Image: The Record

The government’s statement was also independently confirmed by Zaufana Trzecia Strona, a Polish cybersecurity blog, whose reporters confirmed that they weren’t able to find any sensitive information on Poland’s military arsenal after downloading the leaked database.

The confusion around the original Onet report appears to come from the fact that the database was leaked online via a notorious hacking forum, which seems to have created the illusion of coordinated hack & leak incident of a sensitive government system.

Poland-Raid-post
Image: The Record

But while the government downplayed the idea of a sensitive leak, officials said they are still investigating how a copy of the authentic eJIM application leaked online in the first place.

“According to preliminary findings, an employee of the Support Inspectorate neglected his duties,” the Polish Ministry of Defense said today, adding that one official is already under investigation by the Military Police.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Read more