How an Oversight Unveiled Albania’s Intelligence Operations
What happens when a government accidentally broadcasts the very secrets it’s meant to keep? Back in December 2018, Albania gave the world a prime example. The country’s State Intelligence Service, known as SHISH, posted payment spreadsheets online that should never have seen the light of day. Anyone—journalist, foreign agent, or just a curious citizen—could access these files with a few clicks.
Hidden in those spreadsheets? Much more than just dry numbers or budget lines. The files listed the full names of undercover operatives—people whose jobs depend on their identities staying hidden. Alongside the names, the sheets included positions, phone numbers, identification card details, and even the number plates of their vehicles. And this wasn’t limited to only those inside Albania’s borders. Records surfaced for intelligence personnel operating in other European countries—Belgium, Greece, Kosovo, Macedonia, Serbia, and Italy.
The leak laid out a full picture of Albanian intelligence operations. You could see transaction amounts, operational expenses, and the exact dates payments were made. Details weren’t vague: you could match a specific person to a specific task in a specific country on a particular day. For intelligence work, this kind of information is gold—if you’re the wrong person getting your hands on it.
NATO at Risk and Questions for Albanian Security
What set this leak apart was the depth of exposure. At least two of the operatives named worked inside NATO headquarters in Belgium. In the current world climate–with international intelligence activities under constant threat—such a mistake doesn’t just embarrass one country, it rattles an alliance. Rivals could easily target agents, monitor their movements, or reconstruct ongoing missions just by reading those spreadsheets.
Discovering the problem wasn’t a job for spies. Investigative journalists, not clandestine adversaries, first connected the dots and raised the alarm. According to coverage by The Independent, the data was left accessible for months after first being posted—despite several attempts by journalists and security experts to inform Albanian authorities. The authorities didn’t react fast enough. Data that should have been locked away was sitting in plain sight.
This wasn’t just a careless misclick. It pointed to deeper problems in how Albania handles sensitive data. Standard best practices—encrypting classified documents, blocking public access, setting up internal security audits—weren’t followed or failed completely. If a spreadsheet with this much damaging information slipped out so easily, what about other classified content? The episode sparked major concern not just in Albania, but among its neighbors and partners who rely on it to keep shared secrets safe.
Behind every headline about a government leak are real people suddenly made vulnerable. For Albanian operatives exposed in this data dump, security routines and daily lives were thrown into chaos. As taking information security seriously becomes ever more urgent, Albania’s experience is a wake-up call to intelligence agencies everywhere—one careless spreadsheet can unravel years of careful, silent work.