An Israeli Ministry of Defense dataset indexed by leaksear.ch contains 8,865 records tied to pre-military trainees and enlistment candidates, with names, contact details, Israeli national IDs, dates of birth, addresses, and program metadata (leaksear.ch metadata). The dataset is marked as breached on October 27, 2021, and its description is consistent with public reporting that Moses Staff leaked Defense Ministry files and Excel data involving soldiers and mechina pre-military students (www.jpost.com).
What happened
The Jerusalem Post reported on October 27, 2021, that a hacker group called Moses Staff claimed it had carried out a cyberattack on Israel's Defense Ministry and released files and photos it said were taken from ministry servers (www.jpost.com). JNS, citing Israeli reporting, said the leaked material was posted on the dark web and in Telegram groups and included information about IDF reserve officers, military units, and thousands of Israeli teens set to enlist (www.jns.org).
The exact access path for this specific dataset has not been confirmed in the open sources reviewed. Check Point Research later analyzed MosesStaff campaigns against Israeli organizations and found a pattern of stealing and leaking sensitive data, then encrypting victim networks without a ransom demand, but the firm also said attribution of politically motivated cyberattacks is complicated and it could not draw definitive conclusions from the evidence available (research.checkpoint.com).
What data was exposed
leaksear.ch indexing metadata lists searchable data including names, email addresses, phone numbers, addresses, countries, and dates of birth (leaksear.ch metadata). The records also contain Israeli national IDs and contextual fields such as age, gender, father and mother names, health fund, medical approval, school grade and school type, framework, recruitment source, enlistment status, supervision level, trainee background, training potential, and related program metadata (leaksear.ch metadata).
That field profile aligns with The Jerusalem Post's contemporaneous report that leaked Excel files allegedly included names, ID numbers, emails, addresses, phone numbers, and socioeconomic status for soldiers, mechina pre-military students, and people connected to the Defense Ministry (www.jpost.com).
Why this matters
The exposed data combines stable identifiers with contact information and military or pre-military context, which can make phishing, impersonation, harassment, and identity-fraud attempts more credible (leaksear.ch metadata). Family, education, health, and enlistment-related fields increase the sensitivity because they give attackers personal context for social engineering. Security teams should watch for spear-phishing that references enlistment, military service, government benefits, medical approvals, or training programs. If you may have been enrolled in an Israeli pre-military framework or enlistment process around this period, use the exposure check below to see whether your data appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, and phone.