Cyber Incident Victim: EuroCert
Date: Jan 2025
Location: Poland
Summary
A ransomware attack compromised EuroCert's servers, resulting in unauthorized access to personal data including identification details, contact information, PESEL numbers, ID card data, usernames, passwords, and images belonging to clients, contractors, and employees. The incident caused loss of data confidentiality and availability, though the company confirmed no compromise of issued physical or cloud-based digital certificates due to physical security controls and cryptographic key protections. Law enforcement, national cybersecurity authorities, and data protection regulators were notified, with investigations ongoing by police and CERT Polska to address the breach's scope and mitigate risks associated with exposed personal information.
Description
On January 12, 2025, during nighttime hours, EuroCert Sp. z o.o. experienced a ransomware attack that compromised the confidentiality and availability of personal data stored on its servers. The Warsaw-based company, acting as a data controller under GDPR, confirmed the malicious software encrypted files but explicitly ruled out any compromise of qualified certificates issued to clients. Physical certificates stored on cards or tokens remained secure because they were not housed within EuroCert’s infrastructure and require both device access and PIN codes for use. Cloud-based ECSigner certificates also retained integrity, with cryptographic keys unaffected; however, all associated passwords were reset as a precaution, requiring users to set new credentials in addition to the existing two-factor authentication via one-time mobile codes. Immediate containment actions included halting further data breaches, notifying law enforcement agencies, and engaging the Police and CERT Polska for investigation. EuroCert concurrently reported the incident to Poland’s Personal Data Protection Office, classifying it as a high-risk breach under GDPR due to the sensitivity of exposed data. The company prioritized restoring IT system functionality while cooperating with authorities to determine the attack’s origin and scope.

The breach potentially exposed identification details, contact information (email addresses, phone numbers), PESEL numbers, full names, dates of birth, ID card series and numbers, usernames and/or passwords, and images of clients, contractors, and employees. Consequences outlined by EuroCert included unauthorized marketing activities, personal rights violations through data publication, harassment or blackmail risks, heightened phishing attempts, fraudulent account creation, and identity theft enabling loans, insurance fraud, or civil contract abuses. Specific threats involved misuse of PESEL numbers to access medical records, impersonation in civic processes like participatory budgeting, prepaid SIM card fraud, and evasion of penalties using stolen identities. EuroCert directed affected individuals to secure PESEL numbers through government portals, monitor credit activity via authorized bureaus, and remain vigilant against unsolicited financial or social media interactions. The firm emphasized ongoing collaboration with investigative bodies to address operational disruptions and mitigate reputational damage, while maintaining communication through its Data Protection Officer, Magdalena Chmielewska, at [email protected] for breach-related inquiries. No evidence suggested systemic weaknesses in certificate issuance processes, though data recovery and system remediation efforts continued post-incident.
