Cyber Incident Victim: Siły Zbrojne Rzeczypospolitej Polskiej
Date:
Jan 2022
Location:
Poland
Summary
A significant data breach exposed approximately 1.7 million records detailing the Polish military's material resources, including weapon systems, ammunition, spare parts for combat vehicles, specialized software, and procurement information from allied nations. The leak originated from the Logistics Planning Department of the Armed Forces Support Inspectorate in Bydgoszcz, where an IT specialist allegedly copied classified data from secure systems into a custom-built program that subsequently became publicly accessible. The compromised records revealed comprehensive inventory statuses, equipment deficiencies, and maintenance specifics across all military units, providing strategic insights into defense capabilities. Security experts warned that such information holds high intelligence value for foreign actors, particularly for assessing operational readiness and verifying source credibility. Investigations focused on determining whether the exposure resulted from negligent handling or deliberate espionage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 9, 2022, a dataset containing 1,757,390 records detailing the Polish military’s material resources appeared online. The breach originated from the Logistics Planning Directorate within the Armed Forces Support Inspectorate in Bydgoszcz, an entity responsible for military procurement and equipment storage. The leaked data, extracted from classified systems—the Unified Material Index (Jednolity Indeks Materiałowy) and selected databases of the Ministry of National Defense’s Integrated Multi-Level IT System (ZWSI RON)—covered the period from June to September 2021. It included comprehensive inventories of military assets: firearms, ammunition, spare parts for combat vehicles, tanks, fighter jets, artillery systems, naval vessels, and specialized software licenses. Specific foreign-sourced equipment, such as U.S.-made F-16s, German Leopard tanks, Israeli Spike anti-tank missiles, and legacy Soviet-era hardware, was enumerated. Non-combat items like uniforms, underwear, office supplies, kitchen equipment, and ceremonial items (e.g., flags, diplomas) were also exposed, alongside procurement details for promotional materials and unit-specific budgets. The dataset revealed operational vulnerabilities, including equipment shortages and maintenance statuses, providing a granular view of Poland’s military readiness.
The Armed Forces’ National Cybersecurity Centre (Narodowe Centrum Bezpieczeństwa Cyberprzestrzeni) detected the leak on January 10 and notified military services. Investigators identified a probable cause: an IT specialist at the Bydgoszcz Inspectorate had copied restricted data into a self-developed program, consolidating disparate systems into a single, unsecured repository that subsequently leaked. The files included an "eJIM User Manual" bearing the Inspectorate’s letterhead and the names of two employees, one marked as the "author." Military counterintelligence assessed the data’s strategic value, noting its utility to foreign adversaries—particularly Russia—for assessing Poland’s defensive capabilities, verifying intelligence sources, or planning offensive operations. No evidence confirmed whether the breach resulted from negligence (e.g., unauthorized data aggregation for workflow convenience) or deliberate espionage. An internal investigation to determine the leak’s origin and intent remained ongoing at the time of reporting. The exposure compromised sensitive details on software tools for digital forensics, email analysis, and military system management, alongside procurement contracts and logistical priorities across all organizational units of the Polish Armed Forces.