Lithuania Investigates Major Data Breach
Lithuanian prosecutors are investigating a major data breach affecting the country's state registry systems, potentially exposing sensitive personal and property records of over 600,000 individuals. The breach, which was first detected in early April, is believed to have originated from a foreign country and involved the misuse of login credentials assigned to institutions authorized to access the databases.
Stolen Information and Financial Damage
The stolen information primarily came from Lithuania's Real Estate and Legal Entities Registers, databases that provide paid access to official property and corporate records. Initial estimates put the financial damage at more than €111,000 ($129,000). The compromised data included personal information such as names, dates of birth, and national identification numbers, along with property-related data including addresses, cadastral information, and registry numbers.
No contact details, bank account information, payment data, or official documents such as court rulings or cadastral measurement files were exposed, according to the Centre of Registers. The agency said in a statement that the breach was likely caused by the misuse of login credentials and that additional cybersecurity measures have been introduced to prevent similar incidents in the future.
Response and Aftermath
Lithuanian authorities introduced additional cybersecurity measures after detecting the breach, including blocking accounts suspected of being misused and requiring users to update access credentials. The Centre of Registers chief, Adrijus Jusas, resigned Monday following scrutiny over the incident. Jusas blamed years of underinvestment in state IT infrastructure, saying the systems required up to €60 million ($69.8 million) in upgrades to meet modern cybersecurity standards.
In a statement on Facebook, Laurynas Kasciunas, leader of Lithuania's conservative opposition party and a former defense minister, alleged that the breach showed "the hallmarks of a Russian intelligence operation," though he did not provide evidence for the claim. He also suggested that compromised accounts linked to Lithuania's Migration Department may have been used in the attack.
Regional Context and Similar Attacks
The incident follows similar attacks on government registries elsewhere in Eastern Europe. Last year, Slovakia's land registry system suffered a major cyberattack that disrupted property and construction services nationwide. Around the same time, suspected Russian hackers breached Ukraine's state registries, temporarily disrupting access to essential government services tied to digital records.
Lithuania, a NATO and European Union member bordering the Russian exclave of Kaliningrad as well as Russia's ally Belarus, has repeatedly accused Moscow of conducting hybrid operations against the country, including cyberattacks, disinformation campaigns, and acts of sabotage. Lithuanian prosecutors have neither confirmed nor denied possible Russian involvement, and no hacking group has publicly claimed responsibility.
- The breach affected over 600,000 state registry records.
- The stolen information included personal and property-related data.
- The financial damage is estimated to be over €111,000 ($129,000).
- Additional cybersecurity measures have been introduced to prevent similar incidents.
The breach shows the hallmarks of a Russian intelligence operation - Laurynas Kasciunas
The investigation into the breach is ongoing, and Lithuanian authorities are working to determine the origin and extent of the attack. The incident highlights the importance of investing in modern cybersecurity standards and protecting sensitive government data from potential threats.
Source: The Record