Lithuania Investigates Major State Data Breach Linked to Foreign Intelligence
Lithuanian authorities are probing a significant cyberattack that exposed over 600,000 records from the country’s state registry system, with officials suspecting possible involvement by a foreign intelligence operation. The breach, reported on Monday, targeted the Centre of Registers, the institution responsible for managing property and personal data, including real estate records and personal identification numbers.
Prosecutors are examining unauthorized access attempts originating from a foreign state, though the Prosecutor General’s Office has not confirmed allegations of Russian involvement. Conservative opposition leader Laurynas Kasiunas warned that the leaked data particularly residential addresses could endanger intelligence officers, military personnel, diplomats, and civil servants, potentially enabling surveillance, phishing, identity theft, or coercion. However, officials clarified that contact details, bank accounts, and court-related property documents were not compromised.
The attack reportedly exploited accounts linked to Lithuania’s Migration Department, with multiple unauthorized logins detected. While the exact origin remains unconfirmed, Kasiunas suggested the breach bore "the hallmarks of a Russian intelligence operation."
The incident has intensified political pressure on Adrijus Jusas, head of the Centre of Registers, with Prime Minister Inga Ruginiene and Economy Minister Edvinas Griksas calling for his resignation. Jusas emphasized that restoring the registry’s stability was his priority but acknowledged the severity of the leak’s national security implications. The investigation is ongoing.
European Migration Network cybersecurity rating report: https://www.rankiteo.com/company/european-migration-network
"id": "EUR1779748243",
"linkid": "european-migration-network",
"type": "Breach",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Intelligence officers, military '
'personnel, diplomats, civil '
'servants, and general public',
'industry': 'Public Sector, Data Registry',
'location': 'Lithuania',
'name': 'Centre of Registers',
'type': 'Government Institution'}],
'attack_vector': 'Unauthorized access via compromised accounts',
'data_breach': {'number_of_records_exposed': 'Over 600,000',
'personally_identifiable_information': 'Yes (personal '
'identification '
'numbers, residential '
'addresses)',
'sensitivity_of_data': 'High (national security implications)',
'type_of_data_compromised': ['Personal identification numbers',
'Real estate records',
'Residential addresses']},
'description': 'Lithuanian authorities are investigating a significant '
'cyberattack that exposed over 600,000 records from the '
'country’s state registry system, with officials suspecting '
'possible involvement by a foreign intelligence operation. The '
'breach targeted the Centre of Registers, which manages '
'property and personal data, including real estate records and '
'personal identification numbers. The attack reportedly '
'exploited accounts linked to Lithuania’s Migration '
'Department, with unauthorized logins detected. The incident '
'has raised national security concerns, particularly regarding '
'the exposure of residential addresses of intelligence '
'officers, military personnel, diplomats, and civil servants.',
'impact': {'brand_reputation_impact': 'Severe reputational damage to Centre '
'of Registers',
'data_compromised': 'Over 600,000 records',
'identity_theft_risk': 'High (personal identification numbers, '
'residential addresses exposed)',
'operational_impact': 'National security concerns, political '
'pressure on officials',
'payment_information_risk': 'None (bank accounts not compromised)',
'systems_affected': 'Centre of Registers, Migration Department '
'accounts'},
'initial_access_broker': {'entry_point': 'Compromised Migration Department '
'accounts',
'high_value_targets': 'Intelligence officers, '
'military personnel, '
'diplomats, civil servants'},
'investigation_status': 'Ongoing',
'motivation': 'Espionage, surveillance, phishing, identity theft, or coercion',
'post_incident_analysis': {'root_causes': 'Unauthorized access via '
'compromised accounts'},
'references': [{'source': 'Prosecutor General’s Office of Lithuania'}],
'response': {'law_enforcement_notified': 'Prosecutor General’s Office '
'investigating',
'recovery_measures': 'Restoring registry stability'},
'stakeholder_advisories': 'Prime Minister and Economy Minister calling for '
'resignation of Centre of Registers head',
'threat_actor': 'Suspected foreign intelligence operation (allegedly Russian)',
'title': 'Major State Data Breach Linked to Foreign Intelligence in Lithuania',
'type': 'Data Breach'}