Cyber Incident Victim: alio.lt

On July 1, 2022, Lithuanian online classifieds platform alio.lt publicly disclosed a cybersecurity incident involving unauthorized access to its systems. The company stated it had detected a cyberattack that potentially compromised client data. While alio.lt did not specify the exact intrusion method or timeline of initial compromise, it confirmed the attackers gained access to systems containing user information. The breach potentially affected approximately 345,000 client accounts registered on the platform. Upon detecting the incident, alio.lt immediately initiated internal investigation protocols and engaged external cybersecurity experts to analyze the breach scope. The company notified Lithuania's data protection authority, the State Data Protection Inspectorate (VDAI), in compliance with GDPR requirements. Technical teams worked to contain the incident by isolating affected systems and implementing additional security measures across their infrastructure.

Preliminary investigation findings indicated the attackers may have exfiltrated personal data including names, email addresses, phone numbers, and physical addresses of registered users. Alio.lt confirmed no financial data or payment card information was compromised as such data is processed through separate secured systems. The company began direct notifications to potentially affected users through email communications and platform announcements, advising them to remain vigilant against potential phishing attempts. Service operations continued without significant disruption during the response period. Alio.lt committed to ongoing cooperation with law enforcement agencies and regulatory authorities throughout the forensic examination process. The incident marked one of the larger data breaches affecting Lithuanian e-commerce platforms during that period based on the number of potentially exposed user records.