Cyber Incident Victim: Warsaw
Date:
Apr 2025
Location:
Poland
Summary
A distributed denial‑of‑service attack targeted Poland’s State Registers System, temporarily disrupting access to services such as mObywatel, tax filing and vehicle registration. Officials said the intrusion was repelled, noting only brief service interruptions and confirming that no data breach occurred, while cyber police and internal security agencies investigated. Government representatives emphasized that critical infrastructure defenses remain effective and that the attack did not compromise the security of the registers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 30, 2025, before noon, hackers launched a distributed denial‑of‑service attack against Poland’s System Rejestrów Państwowych, the central platform that links the PESEL register, identity document registers, passport register, civil status register, contact data register, state decorations register, central register of objections, central voter register and the PESEL number blocking register. The attack was timed for the last day of filing PIT tax returns, submitting applications for the 800+ benefit and enrolling in the Profilaktyka 40+ health programme, with the aim of paralyzing the system. Although the assault was repelled, the Ministry of Digital Affairs reported temporary difficulties accessing some public services between 10:00 and 11:00, noting that logging into selected services could have been briefly disrupted. Users experienced possible interruptions with the mObywatel application, tax filing procedures and vehicle registration processes. The ministry emphasized that the incident did not compromise the security of the state registers or the data they contain. Cyber police and the Internal Security Agency took over the investigation of the incident.
Deputy Minister of Digital Affairs Paweł Olszewski stated on platform X that there was no confirmation of a successful cyberattack, describing the episode as only temporary service interruptions and adding that all services were functioning correctly afterward. Deputy Prime Minister and Minister of Digital Affairs Krzysztof Gawkowski reminded that Polish cybersecurity units daily repel attempts on critical infrastructure, noting that Poland is among the most frequently attacked countries in the world and that the direction of such attacks is often attributed to Russia. He affirmed that the country’s cyber shield remained effective and that data stored in the government registers stayed safe. By the time of the ministry’s statement, the reported access problems had ceased and no ongoing issues were observed. The government’s communications stressed that the incident was limited to transient disruptions and did not affect the integrity or confidentiality of the registered information.