Data theft exposes sensitive personal information
Lithuanian authorities have opened a criminal investigation into the theft of more than 600,000 records from the country’s real estate and business registers, suspecting the operation was carried out by Russian intelligence services. The breach, first reported by Logos Press, involved unauthorised third-party connections that copied the records from the Centre of Registers database. Investigators found that some queries were routed through the interior ministry’s migration department system, indicating that the attackers used internal networks of other Lithuanian state institutions to gain access. The incident is being treated as a national security threat, with the general prosecutor’s office, the criminal police bureau and the state security department working jointly on the case.
Kremlin’s hybrid warfare playbook targets EU states
Lithuanian MP Laurynas Kasčiūnas said there were “well-founded suspicions” that the cyber incident was a Kremlin operation. “Foreign intelligence can use data on people’s whereabouts in various ways depending on the goals. Addresses of homes, flats and estates of intelligence officers, diplomats, politicians are considered especially sensitive because knowing them enables surveillance, pressure and physical threats,” he said. The stolen data could be used to track routines, install cameras and sensors, and conduct cyber operations. Kasčiūnas warned that the information might be weaponised in the first hours of a conflict or during a large-scale hybrid attack. The attack is believed to have been carried out by cyber units of Russia’s Main Intelligence Directorate of the General Staff.
Lithuania as a prime target for Russian hybrid aggression
Since Russia’s full-scale invasion of Ukraine, the nature of cyber threats across the EU has completely changed. What was once primarily financially motivated hacking by Russian criminals has evolved into a tool of state-backed hybrid warfare. Lithuania, a key Baltic state, has repeatedly faced sabotage, arson, vandalism and information attacks. In April 2026, Vilnius charged 13 individuals with plotting two political assassinations on orders from Russian military intelligence. The Kremlin has also regularly launched DDoS attacks against Baltic transport systems, hospitals, energy grids and state registers, in what experts describe as deliberate attempts to paralyse normal life.
Testing ground for Russian cyber weapons
The methods and malware used against European networks are first tested in Ukraine, which has become a proving ground for Russian cyber tools. These techniques, once validated on Ukrainian systems, are subsequently deployed across the EU, causing widespread disruptions and data leaks. The Lithuanian case fits a broader pattern of Moscow’s cyber aggression against the bloc. Western officials argue that the theft of detailed records on Lithuanian security personnel, diplomats and politicians could result in “blacklists” published online with threats and calls for violence, or be used to identify targets in case of an armed attack on the Baltic states.
Implications for UK and NATO allies
The incident raises urgent security questions for Britain and its NATO partners. Protection of personal data of security officials must become part of the alliance’s military doctrine, experts say. Any similar Kremlin cyber operation should be treated as a threat to national sovereignty. For British citizens, the attack underscores how EU data systems remain vulnerable to Russian state-sponsored intrusions that could eventually affect data held by UK-linked institutions or raise the cost of cybersecurity defences. It also highlights the growing risk of hybrid warfare on Europe’s eastern flank, which could force increased British defence spending and troop deployments to the Baltic region. The case demands an immediate Western response, including stronger cyber defences and legal classification of such operations as acts of aggression.
