03 ноября 2025 г., 23:00
422
0
Poland’s digital affairs minister said data from SuperGrosz users was stolen in a cyberattack and handed to criminals. Response teams are investigating; officials promised a tool to check if individuals were affected.
Data from users of the SuperGrosz lending portal was stolen in a cyberattack and “ended up in the hands of criminals,” Poland’s deputy prime minister and digital affairs minister Krzysztof Gawkowski said on X. He called the situation “very serious” and said cyber security incident response teams CSIRT KNF and CSIRT NASK were handling the case.
Gawkowski said the stolen data included “e-mail addresses, first and last names, information on nationality, PESEL numbers [Poland’s national ID], identity card data, residential and mailing addresses, phone numbers, information on marital status, number of children, employment status, the name, address, tax ID (NIP) and phone number of the employer, declared industry and income, bank account numbers, [and a] Facebook portal identifier.”
The minister urged SuperGrosz customers to take immediate precautions: freeze their PESEL numbers in the mObywatel government app, change passwords, and enable two-factor authentication on all accounts. Polish authorities have likewise recommended two-factor authentication (2FA) and heightened vigilance for phishing attempts.
SuperGrosz is operated by AIQLABS, a company offering quick online loans. The operator confirmed on its website that a hacker attack enabled unauthorized remote access to part of its customer database through code created by the attackers. It said some data was stolen with a high risk of online disclosure, reported the incident to CSIRT KNF, CSIRT NASK and the data protection authority, and would email affected users. The company also posted information in the “Bezpieczne Dane” service.
The Polish Press Agency (PAP) reported that national incident response teams were engaged and that the matter had been escalated to data protection authorities, reiterating the minister’s description of the situation as “very serious.”
The breach comes amid a string of recent cyber incidents in Poland. On November 1, payment system BLIK reported service disruptions caused by a distributed denial-of-service (DDoS) attack.
The travel agency Nowa Itaka also disclosed a breach affecting some account data—such as email addresses and, in some cases, names and phone numbers—while saying booking, financial, participant and password data were not affected.
