Following a data leak at the Lithuanian Centre of Registers, here’s what affected people should know.
According to Mindaugas Samkus from the centre, only information contained in extracts from the Real Estate Register was exposed.
“However, no personal contact details, such as telephone numbers or email addresses, information about payments for services provided by the Centre of Registers, bank account numbers, or any documents – such as real estate transfer agreements, court rulings, cadastral survey documents or building layout plans – were disclosed,” Samkus said.
As a result, malicious actors will not be able to access bank accounts directly.
However, they could attempt to obtain more sensitive data by combining the leaked data with the information about individuals they already possess.
“It is worth remembering that malicious actors often try to exploit human emotions and use social engineering techniques to obtain the information they need. They may attempt to trick people into revealing login credentials or other important personal data, offer fictitious services and encourage payment for them.
“Residents should remain attentive and cautious regarding messages or direct contacts requesting any personal information,” Samkus said.
“In this case, people simply need to remain vigilant and critically assess any request for personal information,” he added.
Ramūnas Liubertas, a senior security engineer at the NOD Baltic IT firm, also told LRT.lt that having only a person’s name and personal identification number would not be enough for fraudsters to take out a loan.
“For example, taking out a loan requires more than just a name and personal identification number – it also requires confirmation via Smart-ID or a mobile signature.
“Fraudsters may even pretend to be employees of the Centre of Registers and say: ‘We can provide you with information over the phone about whether your data has been leaked, but we need Smart-ID confirmation.’ In reality, they could then use that data to access online banking or take out a loan,” Liubertas said.
He added that if people suspect they may have fallen victim to scammers, they can log into systems operated by Creditinfo and other credit bureaus to check whether any unexpected financial obligations, identity checks or loan requests have appeared in their name.
Although email addresses were not leaked, many people in Lithuania create them using their first name, a dot and surname, making them relatively easy to guess, Liubartas said.
“Fraudsters may send emails encouraging people to click on links, claiming that something has happened, or pretending to be real estate specialists or notaries, in an attempt to obtain information that can later be used for further attacks,” the cybersecurity specialist said.
Samkus from the Centre of Registers stressed that even if a caller, email or Facebook message addresses a person by name or mentions information about their property, people should critically assess any requests to log into bank accounts or clicking links.
According to Liubertas, specialists are currently actively monitoring the dark web, and if any groups attempt to sell packages of leaked data, they will be identified quickly.
“At the moment, there is no information on the dark web indicating that the leaked data is being sold,” he added.
Newsletter
Every Friday morning.
