Lithuania's President Gitanas Nausėda declared on Wednesday that "hostile states" orchestrated the theft of more than 600,000 records from the country's national property registry — making him the highest-ranking official yet to characterize the breach as a state-sponsored intelligence operation. Nausėda made the statement following an emergency meeting of the State Defence Council, adding that his own personal data was among those accessed.
The Lithuanian Prosecutor General's Office had announced the breach on May 22 after attackers exploited stolen login credentials belonging to the Migration Department — a government agency with legitimate access to the registry — to extract records from abroad over a period of months. The exfiltrated data includes names, national identification numbers, dates of birth, and residential property addresses from Lithuania's Real Estate and Legal Entities Registers, the state databases that record who lives where and which legal entities operate at what address.
Lithuania's Criminal Police Bureau head Arūnas Maskoliūnas confirmed on Tuesday that the data was extracted through accounts belonging to Migration Department employees.
What Data Was Stolen From Lithuania's National Registry
The Centre of Registers — the state enterprise that maintains Lithuania's real estate and legal-entity records — confirmed that the breach exposed names, surnames, national identification numbers, dates of birth, and property information from real estate register extracts. Phone numbers, email addresses, bank account details, payment data, court rulings, cadastral measurement files, and building plans were not compromised, the agency said.
The financial damage from the breach has been preliminarily estimated at more than €111,000 ($129,000). Adrijus Jusas, the director of the Centre of Registers, resigned on May 25 — three days after the breach became public — saying he had chosen to "step down and hand over responsibility to other professionals." In a separate interview before his resignation, Jusas disclosed that Lithuania's state IT infrastructure would require up to €60 million ($69.8 million) in investment to reach modern cybersecurity standards, implicitly acknowledging years of underinvestment.
Intelligence Officers' Home Addresses May Now Be in Hostile Hands
The data's most alarming dimension is not what was taken but whose address may be among the 600,000 records. Laurynas Kašiūnas, the leader of Lithuania's conservative opposition party and a former defense minister who serves on the parliamentary National Security and Defence Committee, described the breach as bearing "the hallmarks of a Russian intelligence operation." Writing on Facebook, he warned that residential addresses belonging to intelligence officers, military personnel, diplomats, politicians, and civil servants may now be in adversarial hands.
Kašiūnas laid out the specific threat chain in operational terms: home address data enables physical surveillance, monitoring of a person's movements and contacts, and attempts to install tracking devices. That same data can anchor targeted phishing attacks, identity theft, and account hijacking — or underpin coercion efforts that exploit financial or family vulnerabilities.
Those are not hypothetical risks in Lithuania's current environment. In April 2026, Lithuanian and international authorities charged 13 defendants in a GRU-linked network that had planned assassinations of two individuals in Vilnius — a Russian dissident and a Lithuanian citizen who had publicly supported Ukraine. One suspect was apprehended armed with a pistol while waiting outside his target's home. The pattern is consistent with what Kašiūnas warned: knowing where a person lives is often the first operational step in a physical attack.
For Russian and Belarusian political exiles sheltering in Lithuania, the concern runs deeper still. Lithuanian outlet Volna Litva noted that for ordinary citizens the breach is "an unpleasant leak," but for political emigrants from Russia and Belarus it "could be a matter of personal safety" — specifically because the legal entity data in the registry can expose the corporate structures through which exiled media organizations and civil society groups operate.
How the Credential Breach Bypassed the Registry Itself
The Centre of Registers was not hacked directly. Instead, attackers obtained or compromised valid login credentials belonging to accounts at Lithuania's Migration Department — an institution that holds legitimate, authorized access to the registry for official purposes — and then used those credentials to issue large volumes of queries from abroad over an extended period. The breach was first detected in early April 2026, though unauthorized access attempts began earlier in the year.
Lithuanian cybersecurity expert Mindaugas Ubartas identified the architectural vulnerabilities that made this possible: the system had no dual authentication requirement, no monitoring of user actions, and no restrictions on interagency query volumes.
The Migration Department stated on Tuesday that no employees had been suspended. "No staff have been suspended at the Migration Department in connection with this incident," the agency said. "The pre-trial investigation is establishing the true role of the institution and its employees, and suspension from duties is not always a proportionate measure at this stage of an investigation."
Nausėda sharply criticized the government's decision to delay public disclosure despite knowing about the breach for weeks. "It is truly unjustifiable that the public was informed with a delay of one or two months," he said. The president revealed that his own data was accessed in March — suggesting the breach window began earlier than initially reported. "This information would have allowed our people to make appropriate decisions and reduce the level of threat they faced," he added.
Government Defends Delay, Opposition Demands Accountability
Prime Minister Inga Ruginienė rejected calls for the government's resignation, telling reporters that stepping down would be "the best gift to our enemies." She said she had been informed about the breach in early April but could not make it public because a pre-trial investigation had already been launched. She also disclosed that her own family's data was among those accessed in the breach — a detail that underscored the reach of the exfiltration across Lithuania's highest levels of government.
The State Security Department director, Remigijus Bridikis, was more cautious about attribution. "This is sufficiently deep technical work to reliably establish attribution to one country or institution. In this case I cannot assert [that Russia is responsible]," Bridikis said in comments cited by Meduza. He added, however, that China, Russia, and North Korea are the primary actors in cyberspace and "seek to collect information and, when necessary, use it to destabilize the infrastructure of states."
How Does Lithuania's Breach Fit Russia's Hybrid War Campaign
Lithuania has been an explicit target of what Western governments describe as Russia's hybrid warfare campaign against Europe — a campaign that pairs cyberattacks and data collection with physical sabotage, arson, vandalism, and assassination plots. The country hosts NATO Enhanced Forward Presence troops and has been one of Ukraine's most vocal European supporters since Russia's full-scale invasion in February 2022.
The breach follows a pattern documented across Eastern Europe: rather than noisy ransomware attacks, sophisticated state-linked actors increasingly pursue quiet, high-value data exfiltration — operations designed to accumulate intelligence without triggering immediate countermeasures. The Record noted that Lithuania's breach follows similar attacks on government registries in Slovakia, whose land registry system suffered a major cyberattack, and in Ukraine, whose state registries were breached by suspected Russian hackers.
Lithuania's Defence Minister Robertas Kaunas put the incident in unambiguous terms after the breach was announced: "This is the new reality of what the Baltic states face. We need to adapt because the possibility of repeated similar scenarios is very high."
Frequently Asked Questions
What data was stolen in the Lithuania national registry breach?
Attackers extracted more than 600,000 records containing names, national identification numbers, dates of birth, and residential property addresses from Lithuania's Real Estate and Legal Entities Registers. Phone numbers, email addresses, bank account details, and official documents such as court rulings and cadastral files were not compromised, according to the Centre of Registers.
How were Lithuania's state records hacked?
The Centre of Registers itself was not directly hacked. Attackers exploited stolen login credentials belonging to accounts at Lithuania's Migration Department — an agency with authorized access to the registry — to issue large volumes of queries from abroad. The head of Lithuania's Criminal Police Bureau confirmed the Migration Department connection on May 26, 2026.
Are intelligence officers' addresses exposed in Lithuania's data breach?
That is the primary national security concern. Opposition leader and former Defense Minister Laurynas Kašiūnas warned that residential addresses of intelligence officers, military personnel, diplomats, politicians, and civil servants may be among the 600,000 records extracted. Lithuanian authorities have not confirmed which specific individuals' data was accessed, and the criminal investigation is ongoing.
Who is responsible for the Lithuania government registry hack?
Lithuania's Prosecutor General's Office suspects foreign state involvement but has not officially named a country. President Nausėda stated on May 27, 2026 that the breach bore signs of a "cyberattack organized by hostile states." State Security Department director Remigijus Bridikis said attribution had not been confirmed but identified China, Russia, and North Korea as the primary state actors in cyberspace.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
