Cyber Incident Victim: Poland
Date:
Apr 2025
Location:
Poland
Summary
Hackers launched a DDoS attack on Poland's State Registers System, disrupting access to several public services including the mObywatel app, tax filings, vehicle registrations, and related benefit applications. Authorities reported the attack was repelled, services were restored shortly afterward, and confirmed that no data breach or compromise of the registers occurred. The incident is under investigation by cyber police and the Internal Security Agency, with officials noting that such attacks often originate from Russia and that the country's cyber defenses continue to protect critical infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of April 30, 2025, before noon, hackers launched a Distributed Denial of Service (DDoS) attack against Poland's State Registers System, which integrates the PESEL register, identity documents register, passport documents register, civil status register, contact data register, State Awards System, Central Register of Objections, Central Register of Voters, and the PESEL numbers blocking register. The attack was timed to coincide with the final day for filing personal income tax returns, submitting applications for the 800+ benefit for the new season, and registering for examinations under the Profilaktyka 40+ program. According to RMF FM, the attack was repelled, but the Ministry of Digitalization reported that between 10:00 and 11:00 there were transient difficulties accessing some public services, including the mObywatel application, tax settlement procedures, and vehicle registration services. Users experienced temporary interruptions when attempting to log into selected online services.
In response, the Ministry of Digitalization issued a statement confirming that the transient difficulties had been resolved and that no ongoing problems were observed, emphasizing that the incident did not affect the security of the state registers or the data they contain. Deputy Minister of Digitalization Paweł Olszewski commented on platform X that there was no confirmation of a successful cyberattack, describing the event as temporary service interruptions and noting that all services were functioning correctly at the time of his statement. Cyber police and the Internal Security Agency took charge of the investigation into the attack. Deputy Prime Minister and Minister of Digitalization Krzysztof Gawkowski reminded the public that Polish cybersecurity services daily repel attempts to target critical infrastructure, stating that Poland is among the most frequently attacked countries globally and that the direction of such attacks is often attributed to Russia, while affirming that the national cyber shield remains effective and data remain safe.
The State Registers System continued to operate normally after the incident, with the Ministry confirming that access to all integrated registers, including PESEL, identity documents, passport documents, civil status, contact data, State Awards, Central Register of Objections, Central Register of Voters, and PESEL numbers blocking, was restored and functioning without disruption. No data breach or compromise of register integrity was reported, and the Ministry maintained that the attack's impact was limited to short‑lived access issues rather than any lasting harm to the underlying databases or services.