The State Data Protection Inspectorate is conducting investigations into personal data security breaches at the Centre of Registers and the Migration Department (individual complaints will not be examined)
The State Data Protection Inspectorate (SDPI) has received notifications about personal data security breaches at the Migration Department under the Ministry of the Interior and at the State Enterprise Centre of Registers, where data processed in the Real Estate and Legal Entities registers have been leaked.
VDAI has initiated investigations into these incidents on its own initiative. For this reason, please be informed that individual complaints will not be examined, and the public will be informed about the results of the investigations as soon as decisions have been made.
General safety recommendations
Scammers take advantage of not just leaked data, but news about recent incidents. We therefore urge you to stay aware and remember these safety recommendations:
1. Use only official sources to get information.
Information about possible data breaches, their scope, and possible consequences should only be sourced from official channels: the web sites of the Centre of Registers, State Data Protection Inspectorate, police, banks, and other competent institutions.
Never click on links received by SMS, e-mail, or social media. When accessing web sites, the safest methods are typing the official URL into your web bowser’s address bar yourself or connecting by way of trustworthy e-government means of access.
2. Be careful about fraudulent phone calls, SMS, and e-mail messages.
After incidents such as these, attempts to commit fraud may increase. Scammers may present themselves as representatives of the Centre of Registers, banks, police, the State Tax Inspectorate, the Social Security Office, insurance companies, or other institutions, as well as bailiffs (enforcement agents) or notaries.
Be especially wary of messages asking you to urgently provide personal data, bank login details, credit/debit card information, or Smart-ID or Mobile-ID codes, or to confirm a payment, pay a purported debt, or “confirm” real estate data.
Keep in mind that official institutions never ask for login codes, bank passwords, or confirmation of financial operations by telephone, SMS, or e-mail.
3. Strengthen your electronic account security.
Review how secure your most important electronic accounts are. First of all, you should change the passwords for your e-mail, social media, IT systems and other important accounts, especially if the passwords are weak, old, or used for several accounts.
Passwords should be unique, without using them for other systems. Where possible, enabling the use of two-factor authentication is recommended.
4. Keep an eye on your bank accounts and any possible obligations in your name.
Paying closer attention to your bank accounts and credit/debit card operations is recommended. If identifying data have been breached, there is a risk that they can be used in an attempt to complete a transaction or to assume obligations in the affected person’s name.
If you have reasonable suspicion of fraud or identity theft, contact the police.
5. Don’t rush to follow any instructions, especially urgent ones.
Never rush to act, particularly if it isn’t clear who is contacting you and on what basis. When in doubt, end the phone call or correspondence and contact the organization using its official, published contact details.
6. Save any evidence you have of suspicious activities.
If you receive suspicious SMS messages, e-mail, or phone calls or notice possible misuse of your data, save any evidence you have: screen shots, telephone numbers, e-mail addresses, the contents of messages, bank notifications, contract or order information, correspondence, etc.
This information may be necessary when contacting competent institutions regarding possible infractions.
Last updated: 27-05-2026
Related news:
Fine imposed on doctor for personal data protection violations
Heads of Baltic data protection authorities share insights at practical conference
Company fined for personal data breaches
Activities of the State Data Protection Inspectorate in 2025
Biržai Hospital fined for improper processing of personal data