Three major cyberattacks expose vulnerabilities in Lithuania’s state information systems

Lithuania has faced three significant cyberattacks, including one of the largest data breaches in its history, targeting the state’s Registry Centre, the Health Care Accreditation Service, and the Ministry of the Interior, LRT reports.

The attack on the Registry Centre resulted in the theft of 600,000 property records, affecting around half a million people. Hackers, exploiting credentials from two Migration Department employees, began extracting data in January, but the breach was only detected in April. The incident prompted the resignation of the centre’s director, Adrijus Jusas, and is estimated to have caused at least €111,000 in damages. President Gitanas Nausėda called it a national security scandal.

Finance Minister Kristupas Vaitiekūnas confirmed his data was among the stolen records, while Defence Minister Robertas Kaunas was unaffected. The Data Protection Inspectorate stated that the breach impacted approximately 500,000 individuals.

A second attack involved potential unauthorised access to around 50 email accounts at the Ministry of the Interior. Minister Vladislavas Kondratovičius acknowledged suspicions but stated no evidence of further database breaches was found. The National Cyber Security Centre had previously identified vulnerabilities in the ministry’s systems, though Kondratovičius claimed compliance with 96% of its recommendations. He noted that in 2025 alone, over 106,000 data breaches affected more than 220 organisations in Lithuania, describing such incidents as “part of everyday life.”

The third attack saw over 60,000 records on doctors leaked from the Health Care Accreditation Service’s system, which issues licences to medical professionals and institutions. Health Minister Aurėja Veryga stated the system was immediately disconnected, and the attack was repelled with third-party assistance.

Defence Minister Kaunas emphasised the need for systemic reform, proposing a centralised management system for state information systems and expanded specialist support for institutions slow to respond to threats. The National Cyber Security Centre has stated that the incidents are not currently linked and does not see a coordinated cyberattack against Lithuania. However, some experts warn of hybrid warfare signs and stress the fragility of the country’s information systems.