Lithuania’s State Security Department has confirmed that intelligence officers are among those affected by a large-scale data breach at the Centre of Registers, which was first uncovered after a citizen raised concerns over potential irregularities.
The head of Lithuania's State Security Department, Remigijus Bridikis, said intelligence personnel were affected “just like any other citizens”.
He declined to say whether the stolen data had been specifically targeted or to outline what countermeasures the agency would take, citing security concerns.
“The law mandates that we take measures ourselves to protect our information and activities. If we talk about it now, the adversary will know our weak spots,” he said. “We all have weak spots, there is nothing surprising about that.”
Bridikis said there was no reason for public alarm regarding the exposure of intelligence officers’ personal data. He also said it was not yet confirmed whether a hostile state was behind the attack, adding that responsibility should be determined by prosecutors.
President Gitanas Nausėda has previously suggested that “hostile states” could be responsible for the breach.
The comments came ahead of a closed session of parliament’s National Security and Defence Committee, which is examining the cyberattack and its implications.
The Prosecutor General’s Office is investigating the suspected theft of more than 600,000 Real Estate Register records, including personal identification codes. Law enforcement says the system was accessed from abroad using compromised Migration Department accounts, with the breach believed to have occurred earlier this year and discovered in April.
Interior Minister Vladislavas Kondratovičius said the breach was first uncovered after a citizen raised concerns over unusual interest in their property by the Migration Department.
He said a letter received in late February prompted an internal investigation, which led to the suspension of certain accounts, password resets and alerts to cybersecurity authorities.
Authorities later determined that login credentials belonging to two Migration Department employees may have been compromised. However, the minister said there was no evidence of malicious intent or that the employees had knowingly shared their access details, and they have not been suspended.
“So far, it has not been established that this was given away maliciously,” he said. “The investigation did not find that they performed any actions to transfer data.”
Those potentially affected include the president, the chief of defence, government ministers, members of parliament and business figures.
Newsletter
Every Friday morning.
