No data breach detected in state systems, says Lithuania’s interior ministry

The Lithuanian Interior Ministry (VRM) has stated that no evidence of a data breach in state systems or registries has been found, following reports of a potential compromise of email accounts belonging to employees of institutions under its jurisdiction.

“It is important to distinguish between the possible compromise of email accounts and a breach of state registries or information systems. Personal data stored in the VRM’s information systems and registries remain secure, and the operation of these systems has not been disrupted,” Interior Minister Vladislavas Kondratovičius was quoted as saying in a statement.

The ministry noted that attempts to gain unauthorised access to email accounts are among the most common cyber threats worldwide. According to data from the National Cyber Security Centre, in 2025, Lithuania recorded over 106,000 leaked login credentials, with 221 organisations notified.

As previously reported by the news portal 15min, authorities are currently investigating the circumstances surrounding the potential breaches of VRM-affiliated email accounts. The portal cited sources suggesting that information about the breach of several dozen VRM IT system accounts may have been known to ministry leadership as early as May, and was discussed in some inter-institutional meetings.

Separately, the General Prosecutor’s Office is investigating an incident in which more than 600,000 real estate records may have been stolen from the Centre of Registers (RC), resulting in damages of at least €111,000. The State Data Protection Inspectorate estimates that the number of affected residents is slightly lower, at around 500,000.

Adrijus Jusas, the former head of the RC who has since resigned, stated that a large-scale data leak from the registries was detected as early as April, but the ability to report the incident was limited by a pre-trial investigation launched by prosecutors on April 5. The RC maintained that its duty was to inform citizens about the theft of their data, not to publicly announce a pre-trial investigation.