Due to this incident, the General Prosecutor’s Office has initiated a pre-trial investigation. It is suspected that more than 600 thousand NTR extracts may have been illegally affected in total.
Read more Lithuanian «OBDeleven» year: 25% growth and 6 million connected cars
Whose and what data was disclosed?
The following data recorded in the NTR extract was disclosed:
- first name, last name, personal code, date of birth;
- real estate data (real estate address, registration number, unique real estate item numbers, cadastral data);
- existing property rights or legal facts and their registration basis (document date, number, title).
No personal contact data (phone or email address), payment information for services provided by the Register Center, bank account number, or any documents (for example, real estate transfer agreements, court decisions, cadastral measurement documents, building layout plans, etc.) were disclosed.
How to find out if my personal data was disclosed?
By logging into a special technical solution in the Register Center’s self-service system (login is required by confirming your identity electronically), individuals can check themselves whether their personal data was disclosed.
Those unable to use the mentioned technical solution in the Register Center’s self-service system can obtain this information by visiting any of the customer service departments in person (it is necessary to have an identity document with you).
Why can’t information about the data leak be obtained by phone or email?
Since we cannot reliably verify a person’s identity by phone or email (when an official request signed with a qualified electronic signature is not provided), we cannot provide such information.
What to do if I find out that my personal data was disclosed?
We emphasize that only the information contained in the NTR extracts was disclosed, but no personal contact data, such as phone or email address, payment information for services provided by the Register Center, bank account number, or any documents, such as real estate transfer agreements, court decisions, cadastral measurement documents, building layout plans, etc., were disclosed.
Nevertheless, it is worth remembering that malicious actors often try to:
- exploit human emotions to extract the information they need using social engineering techniques;
- may try to trick you into revealing various login or other important personal data, offer some fictitious services, and urge you to pay for them.
Be attentive and cautious about messages or direct contacts asking you to provide any personal information.
Even if the caller or in an email, Facebook message addresses you by name and surname or mentions some information about your real estate, you should carefully and critically evaluate:
- any calls to log into your bank account;
- not to click on suspicious or unclear links, etc.
We emphasize that the Register Center, when informing residents about the disclosure of their personal data, does not send any emails or SMS messages to residents. A technical solution has been created for this in the Register Center’s self-service, and those unable to log in with electronic identity means can visit the company’s branch in person.
Can malicious actors sell or mortgage my property?
No, even having an NTR extract, malicious actors cannot conclude any real estate transactions on your behalf, as such actions are performed by a notary who verifies the identity of the parties to the transaction and information in a special system designed for concluding and confirming such transactions, which has direct links to the data and documents in the NTR database.
I found out that my data was leaked at the beginning of the year, but the Register Center only announced it in May?
The Register Center first reported the incident to all necessary law enforcement agencies, which immediately began cooperation to determine the scope of the incident, possible perpetrators, motives, and the overall impact on society. The responsible law enforcement agencies initiated a pre-trial investigation, during which certain public communication restrictions are mandatorily applied to all participants in the process.
Read more «With tears» Širvys leaving Slovenia – attention from the Champions League breakout player
Understanding the Register Center’s obligation to properly inform individuals whose data was leaked, the company immediately began designing and creating an appropriate technical solution for informing such a large number of people. This also required time.
How long will it be possible to learn about my data leak?
Information about whether personal data was disclosed will be provided to residents as long as there is a need – months or years.
Where to apply for compensation? To whom can I submit a complaint about leaked data?
Currently, there is no objective data on actual damage suffered by data subjects due to the personal data security breach. However, if such damage is suffered and proven, residents can apply to the court for compensation in the general procedure.
The Register Center has submitted a report on the personal data security breach to the supervisory authority – the State Data Protection Inspectorate. The State Data Protection Inspectorate announced that it has started an investigation into this case, so individual complaints from persons will not be considered. In addition, the police are conducting a pre-trial investigation into this case.
How was the data leaked?
There was no hacking into the systems and registers managed by the Register Center.
Third parties gained access to the data through another institution, which is a legitimate data recipient and receives data by electronically connecting to the user accounts of the NTR managed by the Register Center. Data recipients and their employees are responsible for the proper protection of login means and the use of data according to the purpose specified in the contracts.
The Register Center is implementing additional login measures for information systems, continuing to monitor and analyze data provision so that if there are doubts about possible illegal data use, data provision will be suspended.
Are my data safe now? How will the Register Center ensure data security?
Yes, the data is safe.
Upon learning about the incident, the Register Center immediately blocked the suspected user accounts, restricted access of other users of this data recipient with a requirement to update login data.
To ensure greater security for logging into the Register Center’s information systems, additional security and personal identification measures have been implemented, which will help prevent cases where attempts are made to access systems using someone else’s login data.
The Register Center will continue to monitor and analyze data provision with the help of technical solutions, and if there are doubts about excessive or possibly illegal data use, data provision will be suspended.
State Data Inspectorate’s memo for residents
The State Data Protection Inspectorate has prepared a memo with general security recommendations for residents after a personal data security breach. You can familiarize yourself with it here.
Read more Sweden halves the price of public transport monthly tickets due to the energy crisis
