Lithuania Links Massive Data Breach to Hostile State Actors, Raises National Security Concerns
Lithuanian President Gitanas Nausėda has attributed the theft of over 600,000 records from the Centre of Registers to "hostile states," framing the March cyberattack as a national security threat. Speaking after a State Defence Council meeting on Wednesday, Nausėda confirmed indicators of state-sponsored involvement, calling the breach "intolerable" and demanding systemic improvements to prevent future incidents.
The stolen data including personal identification codes and real estate records was accessed through compromised Migration Department accounts. While no direct financial harm to individuals has been confirmed, the president warned of lingering fraud risks. Nausėda also revealed that his own personal data was among the exposed records.
Criticism was directed at the government’s delayed disclosure of the breach, which was known for at least a month before public notification. Nausėda dismissed claims that the Prosecutor General’s Office restricted the release of information, stating that early warnings could have helped citizens mitigate threats. The Prosecutor General’s Office is now leading the investigation.
The president emphasized institutional accountability, noting that while hostile actors exploited vulnerabilities, domestic agencies failed to address known security gaps. He stopped short of calling for Prime Minister Inga Ruginienė’s resignation but drew parallels to Latvia’s recent government crisis, stressing the need for concrete reforms before assigning political blame. The incident has exposed broader weaknesses in Lithuania’s cyber defenses, prompting calls for urgent upgrades.
Department for Migration and Globalisation cybersecurity rating report: https://www.rankiteo.com/company/department-for-migration-and-globalisation
"id": "DEP1779892714",
"linkid": "department-for-migration-and-globalisation",
"type": "Breach",
"date": "3/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': '600,000+ records',
'industry': 'Public sector',
'location': 'Lithuania',
'name': 'Centre of Registers',
'type': 'Government agency'},
{'industry': 'Public sector',
'location': 'Lithuania',
'name': 'Migration Department',
'type': 'Government agency'}],
'attack_vector': 'Compromised accounts',
'customer_advisories': 'Citizens advised to mitigate identity theft risks due '
'to exposed personal data.',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '600,000+',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': ['Personal identification codes',
'Real estate records']},
'date_detected': '2023-03',
'description': 'Lithuanian President Gitanas Nausėda attributed the theft of '
'over 600,000 records from the Centre of Registers to hostile '
'state actors, framing the March cyberattack as a national '
'security threat. The stolen data included personal '
'identification codes and real estate records accessed through '
'compromised Migration Department accounts.',
'impact': {'brand_reputation_impact': 'National security concerns, criticism '
'of government response',
'data_compromised': 'Over 600,000 records',
'identity_theft_risk': 'Fraud risks for citizens',
'operational_impact': 'Institutional accountability questioned, '
'delayed disclosure',
'systems_affected': 'Centre of Registers, Migration Department '
'accounts'},
'initial_access_broker': {'entry_point': 'Compromised Migration Department '
'accounts'},
'investigation_status': 'Ongoing (led by Prosecutor General’s Office)',
'lessons_learned': 'Known security gaps were not addressed, delayed '
'disclosure worsened risks, need for systemic '
'cybersecurity reforms.',
'motivation': 'National security threat, data exfiltration',
'post_incident_analysis': {'corrective_actions': 'Systemic improvements to '
'cyber defenses, '
'institutional reforms.',
'root_causes': 'Hostile state actors exploited '
'known security vulnerabilities in '
'domestic agencies.'},
'recommendations': 'Urgent upgrades to cyber defenses, institutional '
'accountability, early public warnings to mitigate '
'threats.',
'references': [{'source': 'Lithuanian President Gitanas Nausėda'}],
'response': {'communication_strategy': 'Delayed public disclosure',
'law_enforcement_notified': 'Prosecutor General’s Office'},
'stakeholder_advisories': 'Government agencies urged to address security '
'gaps, citizens warned of fraud risks.',
'threat_actor': 'Hostile state actors',
'title': 'Lithuania Data Breach Attributed to Hostile State Actors',
'type': 'Data Breach',
'vulnerability_exploited': 'Known security gaps in domestic agencies'}