Cyberattacks Target Romanian Public Institutions, Data Compromised

Cyberattacks Target Romanian Public Institutions, Data Compromised

First seen 17 Jul 2026, 12:49 UTC RedditFeeds2.FeedburnerRomania-InsiderInformat.Rowww.digi24.ro+4 87% similarity 71.0

Article Content

Browse articles
ThreatCluster

A wave of cyberattacks has targeted several Romanian public institutions, primarily affecting the National Agency for Cadastre and Land Registration (ANCPI) and the Ministry of Investments and European Projects. The attacks began on July 14, 2026, leading to significant disruptions, including the e-Terra application becoming non-functional. A phishing campaign utilizing a cloned version of the government payment portal ghiseul.ro has also been reported. The hacker group 'ByteToBreach' claimed responsibility for the ANCPI breach, exploiting a known vulnerability from 2021 and allegedly selling stolen data online. The ANCPI described this incident as the most severe technical attack in its history, with ongoing investigations into potential ransom demands. Authorities have confirmed that personal data of Romanian citizens has been compromised, raising concerns about the security of sensitive information. The Romanian government has issued warnings to citizens regarding phishing attempts related to traffic fines.

Key Points: • ANCPI suffered a severe cyberattack, marking the worst incident in its history. • Phishing campaigns using cloned government portals are targeting citizens. • The hacker group 'ByteToBreach' has claimed responsibility and is selling stolen data.

ThreatCluster AI

Timeline

2026-07-14
ANCPI cyberattack initiated
ANCPI's servers became non-functional due to a cyberattack, disrupting services.
Informat.Ro
2026-07-15
Stolen data put up for sale
Data from ANCPI, including personal information and source code, was listed for sale online.
Informat.Ro
2026-07-17
Phishing campaign reported
Authorities warned of phishing messages impersonating the Ministry of Transport, linked to the cloned ghiseul.ro.
Digi24
2026-07-17
ByteToBreach claims responsibility
The hacker group admitted to exploiting a vulnerability and selling the stolen data online.
Informat.Ro
Recent
Ongoing investigations launched
Romanian authorities are investigating the cyberattacks and potential ransom demands from the hackers.
Romania-Insider

Community

Browse all →