Cyber Incident Victim: Gmina Nowiny
Date: Dec 2021
Location: Poland
Summary
The Municipality of Nowiny suffered a ransomware attack after an employee inadvertently opened a malicious link, triggering malware that encrypted servers and compromised four databases. Exfiltrated data included residents' full names, mothers' maiden names, addresses, birth details, national identification numbers (PESEL), ID documents, bank account information, and phone contacts. The breach was discovered and then publicly disclosed via the office’s official website and social media channels.
Description
On or around December 9, 2021, the Municipality of Nowiny in Poland’s Świętokrzyskie region suffered a ransomware attack compromising resident data. The incident began when an employee inadvertently opened an infected link, triggering malware that encrypted municipal servers. On December 9, administrative personnel detected unauthorized access to four databases containing citizen information. Attackers exfiltrated sensitive personal identifiers including full names, mothers’ maiden names, residential addresses, dates and places of birth, and government-issued PESEL identification numbers. Additional compromised records included national ID card numbers, personal bank account details, and contact telephone numbers. The malware’s encryption of systems disrupted municipal operations, though the specific duration of service interruptions was not disclosed. No ransomware group claimed responsibility, and the attackers’ identity remained unknown as of the reporting date.

Municipal authorities publicly acknowledged the breach through official website announcements and social media channels on December 9. The disclosure confirmed data theft rather than mere system encryption, indicating attackers accessed and copied records prior to deploying ransomware. Impacted individuals faced elevated risks of identity theft and financial fraud due to the comprehensive nature of exposed identifiers, particularly the combination of PESEL numbers with banking details. The municipality did not specify whether ransom demands were received or whether data recovery efforts succeeded. Beyond the initial detection by system administrators, no information was provided regarding containment measures, forensic investigations, or coordination with national data protection authorities. The incident highlighted the vulnerability of local government cybersecurity practices to attacks that exploit human error.
