Lithuania’s interior minister confirms migration and biometric data systems secure after breach reports

Lithuania’s interior minister Vladislavas Kondratovičius stated on Monday that the country’s migration information systems and biometric databases remain secure, following reports of a potential large-scale breach into accounts of employees at institutions under the Interior Ministry (VRM).

“I confirm that the Interior Ministry’s information systems are secure. The Migris [migration system] and ADIS [integrated information system]—where biometric data of residents are stored—were not compromised, and the data remains reliably protected,” Kondratovičius told journalists, as reported by LRT and the ELTA news agency.

According to the minister, audits by the Migration Department and the Communications and Information Department found no anomalies or data leaks. Investigative bodies—including the Criminal Police, the National Cyber Security Centre (NKSC), and the State Security Department (VSD)—also reported no evidence of unauthorised access or breaches.

“No anomalies, past unauthorised logins, or other forms of data leakage were detected. Today, they reassured me that no such incidents occurred, and these agencies hold no such information,” Kondratovičius said. He added that recently implemented security measures for protecting the registries had functioned as intended.

The minister noted that authorities responded immediately to the incident, with the first report submitted to the NKSC in January. Police were also notified of potential unauthorised activities. An intensive investigation is underway, supported by a dedicated task force comprising specialists from the ministry, the Migration Department, the Communications Department, the NKSC, and the Criminal Police Bureau’s cybersecurity unit.

Last week, news portal 15min reported that responsible agencies were examining possible breaches into accounts of employees at VRM-subordinate institutions. At the time, Kondratovičius neither confirmed nor denied the reports of a large-scale intrusion, though portal sources suggested ministry leadership may have been aware of the breach affecting dozens of IT system accounts as early as May. The issue was allegedly discussed in inter-agency meetings.

Separately, ELTA reported that the Prosecutor General’s Office is investigating an incident in which over 600,000 real estate records may have been stolen from the Centre of Registers (RC), resulting in damages exceeding €111,000. The State Data Protection Inspectorate estimates around 500,000 residents were affected by the breach. The former head of the RC, Adrijus Jusas—who resigned following the incident—claimed the large-scale data leak was detected in early April, but legal constraints tied to the ongoing pre-trial investigation limited public disclosure. The RC maintained its obligation was to inform affected individuals, not to announce an active criminal probe.

Lithuania’s parliamentary opposition has since collected the signatures required to initiate a temporary investigative commission to examine the circumstances of the data breach.