Lithuania: State Data Agency responsible for informing public on data leak, prosecutors say
Translated from Lithuanian, summarized and contextualized by DistantNews.
At a glance
News
Named sources
Under investigation
- Lithuania's Prosecutor General's Office stated that the State Data Agency (RC) was responsible for informing the public about a data leak.
- The RC contacted prosecutors on May 8 about the possibility of publicizing information, receiving no objection to details unrelated to the investigation.
- The RC allegedly leaked over 600,000 real estate registry excerpts, causing at least 111,000 euros in damages, with an investigation opened on April 15.
Lithuania's Prosecutor General's Office has clarified that the State Data Agency (RC) was tasked with informing the public about a significant data leak. Prosecutor General Nida Grunskienฤ stated that the RC approached prosecutors on May 8, inquiring about the possibility of releasing information. Prosecutors responded that they did not prohibit the disclosure of information not pertinent to the ongoing investigation.
The prosecutor decides when, to what extent, and what information to disclose when informing about a pre-trial investigation.
Grunskienฤ emphasized that the RC, as the data controller, should have handled public communication regarding the incident. The Prosecutor General's Office announced the launch of a pre-trial investigation on May 22, explaining that the announcement was made only after determining that publicizing the details would not jeopardize the investigation.
RC applied on May 8, asking about the possibility of publicizing information. The prosecutor replied that he does not prohibit publicizing information that is not related to the pre-trial investigation.
It is suspected that over 600,000 real estate registry excerpts were leaked from the RC between January and April, resulting in damages of at least 111,000 euros. The General Prosecutor's Office confirmed it initiated a pre-trial investigation on April 15, the same day it received a report about the incident. Former RC head Adrijus Jusas, who resigned, noted that the large-scale data breach was detected in early April, but the investigation initially limited the ability to report the incident. He added that relevant institutions, including the Ministry of Economy and Innovation (EIM), were immediately informed.
Regarding the disclosure of information, regarding informing the public about this incident โ I think it should have been done by (...) the data controller, currently, RC.
EIM Minister Edvinas Grikลกas highlighted that legal acts and data protection authorities dictate public notification procedures. He confirmed that the RC complied with the State Data Protection Inspectorate's (VDAI) directive to inform affected residents by May 27. Grikลกas stated his primary role was ensuring data security measures were taken and risks managed. His ministry first received initial information about a potential data security breach on April 3, but the full scope of the incident was not yet known at that time.
The State Data Protection Inspectorate made a decision on informing affected persons and instructed to do so by May 27. The Center of Registers fulfilled this order in the prescribed manner.
DistantNews Editorial
Originally published by Delfi in Lithuanian. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.
More Stories
From Our Blog
What Gets Lost (and Found) When News Is Translated
The Critical Role of Diaspora Media in Global News
What Travellers Should Know About Countries with Restricted Press
A Digital Nomad's Guide to Following Local News
How the Same Story Looks Different in Different Countries
