Interior ministry clarifies: neither the ministry nor IRD received a 100,000 euro invoice from the Centre of Registers

The Interior Ministry has clarified that neither the ministry nor the Informatics and Communications Department (IRD) received a 100,000 euro invoice from the Centre of Registers (RC), as previously suggested by Interior Minister Vladislavas Kondratovičius, LRT reports.

Kondratovičius had earlier mentioned receiving such an invoice from the RC following a data breach. However, the ministry now states that the minister was referring to the estimated state damage caused by the leaked RC data, not an actual invoice.

“When we already understood from the Centre of Registers (…) when they started saying this was global, we didn’t even know the scale of this data leak incident. We only received, perhaps on April 15 or 12, an invoice from them to pay 100,000 euros for that data. We never received it; this is the first time,” Kondratovičius said during a meeting with the Homeland Union-Lithuanian Christian Democrats faction.

The ministry confirmed to ELTA that the minister was indeed referring to the estimated state damage of around 100,000 euros due to the data leak from the RC.

“We clarify that Interior Minister V. Kondratovičius, when speaking about the 100,000 euro invoice, was actually referring to state damage of that amount due to the data leak from the Centre of Registers,” the minister’s advisor, Mindaugas Bajarūnas, told ELTA.

A prosecutor’s office is investigating the potential leak of over 600,000 real estate registry extracts from the RC, with estimated damages of at least 111,000 euros. The head of Lithuania’s Criminal Police Bureau, Arūnas Maskoliūnas, confirmed at the end of May that the data leaked through the Migration Department, which is under the Interior Ministry.

Kondratovičius previously stated that in mid-February, it was reported that a citizen was inquiring about their property at the Migration Department. This raised suspicions of a possible data leak. To investigate, the IRD, subordinate to the ministry, had to provide authorisations, and for a protocol received from the RC, it had to pay 2.64 euros.

“The Centre of Registers did not note that the Migration Department was interested; it was written there – the Interior Ministry. This is the first problem because we lost a week or more trying to figure out who actually connected,” Kondratovičius said.

According to the Interior Ministry, on March 25 of this year, the IRD confirmed it would cover the cost of the protocol. Both the RC and the Interior Ministry confirmed that other expenses for the state enterprise are covered by the state budget.

“No other invoices for the received data were issued to either the Informatics and Communications Department or the Interior Ministry. As the Centre of Registers states, according to the Law on the Management of State Information Resources, the costs incurred by institutions are compensated from the state budget,” the Interior Ministry told ELTA.

The State Data Protection Inspectorate estimates that around 500,000 residents were affected by the RC data breach. Adrijus Jusas, the former head of the RC who has since resigned, said a large-scale data leak from the registers was noticed as early as the beginning of April, and state institutions were informed.