Cyberattacks and Data Breaches Rock Western Balkans and Turkey, Exposing Critical Vulnerabilities
A series of cyberattacks and data breaches across the Western Balkans and Turkey in early 2026 have exposed persistent security gaps in both public and private sector infrastructure. Iranian-linked hackers, Russian state-affiliated groups, and criminal actors targeted government institutions, telecom providers, and critical services, compromising sensitive data and disrupting operations.
In Albania, the Iranian hacker group Homeland Justice claimed responsibility for attacks on parliament and the Albanian Post in March 2026. The group, which aimed to delete servers and exfiltrate sensitive information, leaked parliamentary emails and postal service data on Telegram. While authorities described the attack as "sophisticated," they confirmed that core infrastructure remained intact. The incidents follow a pattern of Iranian cyber aggression since 2022, when retaliatory strikes against Albania, linked to its hosting of Iranian dissidents, led to severed diplomatic ties. Experts criticized systemic negligence, noting that basic security measures remain unimplemented despite repeated breaches.
In North Macedonia, cybersecurity researchers identified a compromise of the gov.mk email domain by Fancy Bear, a Russian hacker group tied to military intelligence. While the government denied any official breach, the inclusion of sensitive addresses, including those from the Ministry of Defence, in the group’s materials suggests targeted espionage. The discovery comes amid heightened tensions, as North Macedonia joined Western sanctions against Russia and provided military aid to Ukraine in 2024.
Major data breaches also struck telecom providers in the region. In Serbia, Telekom Srbija suffered a leak affecting over 600,000 users, exposing personal details such as names, addresses, and national identifiers. Attackers attempted extortion, threatening to publish the stolen data. Similarly, Turkey’s Turkcell Superonline reported a breach impacting 300,000 customers, with leaked information including ID numbers and subscription details. Both incidents, detected via dark web monitoring, underscore critical weaknesses in customer data protection, leaving individuals vulnerable to identity theft and financial fraud.
In Albania, the risks of such breaches have materialized: state police reported a case where stolen financial data was used to open a fraudulent bank account, enabling unauthorized transactions in Spain.
These incidents reflect a broader trend of escalating cyber threats in the region, where attackers exploit systemic vulnerabilities in IT systems, databases, and communication networks. The consequences extend beyond immediate data loss, eroding public trust in institutions and raising national security concerns. Governments and companies face growing pressure to address long-standing security failures that have left citizens exposed.
Source: https://balkaninsight.com/2026/04/20/data-privacy-threats-persist-across-balkans-and-turkey/bi/
Ministry of Transport and Infrastructure, Republic of Turkey cybersecurity rating report: https://www.rankiteo.com/company/ministry-of-transport-and-infrastructure-turkey
ALBANIAN POST S.A./POSTA SHQIPTARE SH.A cybersecurity rating report: https://www.rankiteo.com/company/posta-shqiptare-sh-a
Turkcell Superonline cybersecurity rating report: https://www.rankiteo.com/company/turkcell-superonline
{
  "id": "MINPOSTUR1776666864",
  "linkid": "ministry-of-transport-and-infrastructure-turkey, posta-shqiptare-sh-a, turkcell-superonline",
  "type": "Cyber Attack",
  "date": "3/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'industry': 'Government',
                        'location': 'Albania',
                        'name': 'Albanian Parliament',
                        'type': 'Government Institution'},
                       {'industry': 'Postal Services',
                        'location': 'Albania',
                        'name': 'Albanian Post',
                        'type': 'Government Service'},
                       {'industry': 'Government',
                        'location': 'North Macedonia',
                        'name': 'gov.mk (North Macedonia)',
                        'type': 'Government Institution'},
                       {'industry': 'Defence',
                        'location': 'North Macedonia',
                        'name': 'Ministry of Defence (North Macedonia)',
                        'type': 'Government Institution'},
                       {'customers_affected': '600000',
                        'industry': 'Telecommunications',
                        'location': 'Serbia',
                        'name': 'Telekom Srbija',
                        'type': 'Telecom Provider'},
                       {'customers_affected': '300000',
                        'industry': 'Telecommunications',
                        'location': 'Turkey',
                        'name': 'Turkcell Superonline',
                        'type': 'Telecom Provider'}],
 'attack_vector': ['email compromise',
                   'exploitation of vulnerabilities',
                   'extortion'],
 'data_breach': {'data_exfiltration': ['yes'],
                 'number_of_records_exposed': '900000',
                 'personally_identifiable_information': ['names',
                                                         'addresses',
                                                         'national identifiers',
                                                         'ID numbers'],
                 'sensitivity_of_data': ['high'],
                 'type_of_data_compromised': ['personal details',
                                              'government communications',
                                              'subscription data']},
 'date_detected': '2026-03',
 'date_publicly_disclosed': '2026-03',
 'description': 'A series of cyberattacks and data breaches across the Western '
                'Balkans and Turkey in early 2026 exposed persistent security '
                'gaps in public and private sector infrastructure. '
                'Iranian-linked hackers, Russian state-affiliated groups, and '
                'criminal actors targeted government institutions, telecom '
                'providers, and critical services, compromising sensitive data '
                'and disrupting operations.',
 'impact': {'brand_reputation_impact': ['eroded public trust in institutions'],
            'data_compromised': ['parliamentary emails',
                                 'postal service data',
                                 'personal details (names, addresses, national '
                                 'identifiers)',
                                 'ID numbers',
                                 'subscription details'],
            'identity_theft_risk': ['high'],
            'operational_impact': ['disruption of postal services',
                                   'compromised government communications'],
            'payment_information_risk': ['fraudulent bank account openings'],
            'systems_affected': ['government email domains',
                                 'telecom customer databases']},
 'lessons_learned': 'Systemic negligence and failure to implement basic '
                    'security measures despite repeated breaches. Critical '
                    'weaknesses in IT systems, databases, and communication '
                    'networks leave citizens vulnerable to identity theft and '
                    'financial fraud.',
 'motivation': ['espionage', 'disruption', 'financial gain', 'retaliation'],
 'post_incident_analysis': {'root_causes': ['systemic security negligence',
                                            'unpatched vulnerabilities',
                                            'lack of basic security measures']},
 'recommendations': 'Governments and companies must address long-standing '
                    'security failures to protect sensitive data and restore '
                    'public trust.',
 'references': [{'source': 'Cybersecurity Research'},
                {'source': 'Dark Web Monitoring'}],
 'threat_actor': ['Homeland Justice (Iranian-linked)',
                  'Fancy Bear (Russian state-affiliated)',
                  'Criminal actors'],
 'title': 'Cyberattacks and Data Breaches in Western Balkans and Turkey (2026)',
 'type': ['cyberattack', 'data breach']}