Cyber Incident Victim: UAB Delfi
Date:
Jul 2022
Location:
Lithuania
Summary
alio.lt experienced a cybersecurity incident involving unauthorized access to its systems, potentially compromising personal data of approximately 345,000 customers. Exposed information included names, email addresses, phone numbers, physical addresses, and encrypted passwords. The company promptly secured affected infrastructure, initiated internal investigations, and notified relevant data protection authorities. Impacted users received direct communications advising password changes as a precautionary measure while forensic analysis continued to assess the full scope of the breach. No evidence of financial data misuse was identified during initial response efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around July 1, 2022, Lithuanian online classifieds platform alio.lt, operated by UAB Delfi, experienced a cybersecurity incident involving unauthorized access to its systems. The company publicly disclosed the breach on the same day, characterizing it as a sophisticated cyberattack. While the specific attack vector and intrusion timeline were not detailed in public statements, the incident resulted in potential exfiltration of customer data. UAB Delfi initiated immediate containment measures upon detection, including securing affected systems and launching an internal forensic investigation. The company engaged cybersecurity experts to analyze the breach scope and collaborated with Lithuanian law enforcement agencies. Official notifications were submitted to the State Data Protection Inspectorate (VDAI), Lithuania's data protection authority, in compliance with GDPR requirements.
The incident potentially compromised personal information of approximately 345,000 alio.lt users, though the company did not specify which exact data elements were accessed. UAB Delfi issued direct communications to affected customers advising heightened vigilance against potential phishing attempts leveraging the stolen information. No operational disruptions to alio.lt's services were reported following the containment actions. The company maintained public transparency through press releases but did not disclose technical details about the attackers' identity or methodology. Investigations remained ongoing with cooperation between corporate security teams, external forensic specialists, and government authorities to determine the full impact and origin of the breach.