
Cyber Incident Victim: Powiatowy Urząd Pracy w Żorach

Date: Mar 2025

Location: Poland

Summary

Powiatowy Urząd Pracy w Żorach experienced a ransomware attack that encrypted data on its core servers and disrupted client services. While no breach of data integrity was confirmed, unauthorized access to personal data such as names, PESEL numbers, addresses, bank account details, and other sensitive information cannot be excluded. The incident was reported to the national computer security incident response team, police, and the data protection authority, and recovery efforts were undertaken with the assistance of the IT service center.


Description

On March 31, 2025, the Powiatowy Urząd Pracy w Żorach discovered that its basic servers, which hosted the office’s departmental systems, had been subjected to a ransomware attack involving intrusion, deletion, and encryption of data. Despite the presence of security measures and procedural safeguards, the attack succeeded, prompting the organization to treat the incident as a criminal act. The breach was reported immediately to the Krajowy Zespół Reagowania na Incydenty Bezpieczeństwa Komputerowego, the Police, and the Urząd Ochrony Danych Osobowych in accordance with legal obligations. While no violation of data integrity was detected, the possibility that unauthorized third parties may have acquired personal data could not be ruled out. The types of personal data that might have been accessed include surname and first name, parents' first names, date of birth, bank account number, residence or stay address, PESEL number, email address, data concerning earnings and/or owned property, series and number of identity card, and phone number.

The article notes that possession of such data could enable an unauthorized individual to engage in unlawful activities such as attempting to obtain loans from non‑bank institutions, attempting to conclude civil‑law contracts, attempting to fraudulently obtain compensation, setting up accounts on websites, forums, or shops that lack email or telephone verification, and attempting to access systems that handle medical benefits and view health‑status history. In response, the Powiatowy Urząd Pracy w Żorach immediately initiated remedial actions with the participation of its Centrum Obsługi Informatycznej. The organization stated that work was underway to restore the functionality needed to serve customers on the same day as the announcement. Contact information for further inquiries was provided, including the postal address ul. Osińska 48, 44‑240 Żory and the telephone numbers 32 43 42 790 and 661 977 300. The notice also referenced the obligation under Article 34 of the GDPR to inform data subjects of the possibility of a personal data breach.

The statement emphasized that the office had previously maintained protective measures and procedures aimed at safeguarding personal data, yet the ransomware incident demonstrated that those controls were insufficient to prevent the attack. By disclosing the incident to the relevant authorities and the public, the office sought to comply with transparency requirements and to enable affected individuals to take precautionary steps. The narrative concludes with the confirmation that the attack was identified as a criminal act and that the investigation and recovery efforts were ongoing at the time of the notice.
