19GB leak exposes Syrian Foreign Ministry files, prompts probe

Key developments

A cache of roughly 19 gigabytes of documents attributed to Syria’s Ministry of Foreign Affairs and Expatriates was published on a Telegram channel, releasing scanned files, diplomatic cables, internal correspondence, payroll and payments for overseas missions, consular and visa records, immigration and real-estate documents, and personal data of citizens and expatriates. Most files date from after the fall of the former regime in December 2024. The publication has provoked debate over the digital security of state institutions during the transitional period.

The ministry said relevant departments immediately began verifying and auditing the circulated material and coordinated with technical and security agencies to investigate the source, mechanism and scope of the leak and to pursue legal measures. Officials reassured the public that consular and diplomatic services continue to operate and warned that some circulated items may have been digitally altered. An informed ministry source told media the incident was not a technical cyberattack but resulted from a data leak by an employee in an administrative office.

Analysis and implications

Data-management specialist Mohammad Tawfiq Nahlawi told Enab Baladi the breach highlights an institutional lack of a data management culture and weak controls on permissions and physical access, making internal threats—deliberate or negligent—the core vulnerability. He said leaked diplomatic correspondence and personal records risk long-term political and psychological damage and called for a comprehensive review of information governance. Recommended measures include mandatory classification and immediate encryption at document creation, stricter physical controls (banning external storage media, closing device ports, securing servers), data segmentation, and activation of access controls and audit logs to track data movement. Nahlawi emphasized that protecting information is an administrative responsibility across all departments, not solely an IT task, and can often be achieved through low-cost, firm procedures.

as reported by Enab Baladi