Lithuania Investigates State Registry Breach of 600,000 Records
Published
Key Takeaways
- Massive Data Breach: Attackers compromised over 600,000 records from the Centre of Registers.
- Credential Misuse Detected: The intrusion leveraged unauthorized access via institutional login credentials.
- Leadership Resignation Follows: Centre of Registers chief Adrijus Jusas resigned after the early April discovery.
The Lithuanian Prosecutor General’s Office is currently investigating a significant cybersecurity incident involving unauthorized access to more than 600,000 records. These records are managed by the Centre of Registers. According to investigators, the breach likely originated from an unnamed foreign country and involved the deliberate misuse of login credentials assigned to institutions authorized to access the state databases.
Impact on Real Estate and Legal Entities Registers
The exfiltrated data primarily originated from Lithuania’s Real Estate and Legal Entities Registers, according to authorities. The data breach was detected in early April, and the resulting financial damage is estimated at more than €111,000.
The Centre of Registers said the compromised personal and property data includes:
- Full names,
- Dates of birth,
- National identification numbers,
- Addresses,
- cadastral information,
- registry details.
The agency confirmed that no contact details, bank account information, payment data, court rulings, or cadastral measurement files were exposed during the intrusion. Individuals can check whether their personal data has been disclosed by logging in to the self-service system of the Centre of Registers.
Laurynas Kasciunas, leader of Lithuania’s conservative opposition party and a former defense minister, said this data “was stolen using the access from the Department of Migration to the Ministry of Interior systems.”
Incident Response and Threat Attribution
In response to the threat, authorities implemented immediate security controls, blocking suspected accounts and mandating that users update their access credentials. Following scrutiny over the incident, Centre of Registers chief Adrijus Jusas resigned on Monday.
Regarding advanced threat attribution, Kasciunas alleged that the attack exhibited the hallmarks of a Russian intelligence operation. However, the Lithuanian Prosecutor General’s Office has neither confirmed nor denied possible Russian involvement, and no hacking group has publicly claimed responsibility for the cyberattack.
Last week, the EU's Ursula von der Leyen said that Russia's threats against the Baltics were completely unacceptable and “a threat against our entire union.” In late April, the EU sanctioned Russian propaganda networks Euromore and Pravfond with asset freezes.
In February, the French government disclosed a major national bank account registry breach, and the General Directorate of Civil Registry in Ecuador was hit by a DDoS attack in January.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular