Libya’s General Authority for Monitoring Media Content has raised alarm over what it described as a serious leak of citizens’ personal data through the gas cylinder distribution system managed by Brega Oil Marketing Company.
According to the authority, the leaked information includes full names, national ID numbers, registration numbers, and personal phone numbers — a breach it says poses a direct threat to national security.
The authority warned that such data could be exploited for financial fraud, criminal activity, or blackmail, calling the incident a grave act of negligence and a clear violation of Law No. 4 of 1990 of the National Information and Documentation System, which criminalizes the unlawful collection or publication of personal data and prescribes prison sentences and fines for offenders.
The authority called on Brega company to assume full legal and ethical responsibility and urged the company to review its data display protocols to prevent further harm. It also appealed to the Attorney General and judicial authorities to launch a wide-ranging investigation to identify those responsible, whether through negligence or intent.
It further warned media outlets and citizens against sharing or republishing any leaked data, stressing that doing so constitutes a punishable offense and exacerbates the harm to affected individuals.
Brega denies allegations, claims system is secure
In response, Brega Company denied the allegations, stating in an official release that it remains fully committed to data protection and operates by Libyan laws and regulations.
The company stated that it has implemented robust cybersecurity measures, including data encryption, firewalls, and 24/7 monitoring systems, and insisted that its platform is stable and free of leaks. It dismissed the authority’s claims as inaccurate and unfounded, and threatened legal action to defend its reputation.
Authority responds: delayed denial and system changes confirm breach
The Media Monitoring Authority rejected Brega company’s statement, describing it as a delayed attempt to deflect from the core issue. It noted that more than 20 hours after the initial report, teh company made urgent changes to its system — replacing the booking number with the registration number as a requirement for gas receipt confirmation — which the authority says confirms the existence of a serious security flaw.
The authority argued that Brega company’s silence was not due to internal review but rather an effort to patch the system before facing public scrutiny, increasing its ethical and legal liability.
It reiterated its call for a digital forensic investigation by the Attorney General’s office, the National Authority for Information Security, and the Criminal Investigation Bureau, stressing that citizens’ data is a national asset that must be protected from misuse.
Admission and damage control
In a related development, Brega company’s media office director visited the Authority’s headquarters in Tripoli and acknowledged that the leak was the result of an unintentional error. He confirmed that the company is taking steps to prevent future incidents.
During the meeting, both parties agreed to remove previously published data in line with harm-reduction principles. The Authority emphasized the importance of safeguarding personal information and reaffirmed its commitment to monitoring and protecting citizens’ data with full diligence
