ANCPI hacker claims financial motive, apologizes for disruption as systems remain offline
The hacker, known as 'ByteToBreach', admitted to selling stolen property records online after breaching Romania's ANCPI, citing financial motives and expressing regret for the disruption caused. ANCPI confirmed the attack as its most severe technical breach, with core services still offline and sensitive data compromised. Authorities are working with cybersecurity experts to restore operations.

The hacker who breached Romania's National Agency for Cadastre and Real Estate Publicity told journalists Tuesday that he sold stolen property records online but apologized to the agency's IT team for the disruption, according to Euronews Romania.
The attacker, who uses the alias 'ByteToBreach', confirmed to Euronews Romania via encrypted messaging that the cyberattack was financially motivated. ANCPI's email systems and e-Terra land registry platform remained offline Thursday evening, days after the breach paralyzed the agency's core services.
"Îmi pare rău pentru problemele pe care le-am cauzat pentru cetățeni și pentru echipa IT care lucrează acum din greu la ANCPI," the hacker wrote. He described himself as acting alone, not as part of a criminal group, and said he is of Algerian origin.
ANCPI confirmed the attack in a public statement, calling it the most severe technical breach in the agency's history. The agency said servers became non-functional starting July 14 and that it was cooperating with cybersecurity specialists to restore operations. No timeline for full service restoration has been provided.
Stolen data includes property records, names, addresses, and national identification numbers. The hacker confirmed he is selling the information online but denied demanding an exorbitant ransom. "Oricărui om întreg la minte i-ar fi rușine să ceară un astfel de preț. Aceste lucruri se discută doar între părțile relevante," he told Euronews Romania, indicating that any payment negotiations were private.
Romanian authorities opened an investigation into the breach, focusing on ransom demands and the sale of stolen data. Law enforcement agencies are examining potential exposure of millions of Romanians to identity theft or property fraud.
The hacker claimed the breach exploited a vulnerability known since 2021. "Îi respect prea mult pe angajații de la IT pentru a le critica munca," he said, declining to blame individual employees for the agency's cybersecurity weaknesses.
ANCPI manages the national land registry and property records. The e-Terra platform is used to access cadastral documents, register property transactions, and verify ownership records. Real estate agents and law firms reported delays and cancellations Thursday, with some clients unable to complete sales or register new ownership.
The outage has disrupted legal proceedings and public access to cadastral records. Notaries and lawyers said they cannot access documents necessary to finalize transactions.
Cybersecurity experts have warned for years that many Romanian state institutions rely on outdated IT systems. The vulnerability exploited by 'ByteToBreach' had not been patched despite being known since 2021, raising questions about the agency's response to previous warnings and its investment in security upgrades.
The hacker said he does not intend to sell the data "to just anyone" but confirmed the stolen information is being offered for sale online. ANCPI has not disclosed how many records were compromised. The agency's databases contain information on millions of properties and owners across Romania.
The government promised a thorough investigation and a review of digital security practices across state agencies. Critics have pointed to the use of platforms such as Wordpress for critical public services and questioned the capacity of vendors with limited staff to secure government infrastructure.
Romania's National Cyber Security Directorate is participating in the investigation, according to officials familiar with the matter. The directorate coordinates responses to cyber incidents affecting government infrastructure.
The ANCPI breach is the second major attack on the e-Terra platform in 2024. Officials said this incident is far more damaging due to the volume and sensitivity of data exposed.
ANCPI's leadership has not commented on whether the agency received a ransom demand directly, nor on the steps being taken to notify affected individuals. The agency urged citizens to monitor their personal data and report suspicious activity to authorities.
Romanian law requires public institutions to report data breaches to the National Supervisory Authority for Personal Data Processing and to notify affected individuals when there is a risk to their rights and freedoms. As of Thursday, ANCPI had not published a list of steps for citizens to check whether their records were included in the breach.
Property fraud, identity theft, and phishing attacks are potential risks for those whose data has been leaked. The agency's databases include property titles, associated documents, contact information, and national identification numbers.
On social media, users criticized both the agency's security practices and the broader state of digital infrastructure in Romania. Some called for resignations or criminal investigations into the management of public IT contracts.
The government recently awarded a €427 million contract for a new government cloud platform to a consortium including Trencadis and Metaminds. The same companies involved in the ANCPI platform are among those responsible for building and securing the new infrastructure, raising concerns about the security of future digital services.
ANCPI has not responded to specific questions about the breach, including the timeline for patching known vulnerabilities or the measures taken since 2021 to improve security. The agency said only that it is working with cybersecurity specialists and law enforcement to restore services and protect citizens' data.
By Thursday evening, the agency's core platforms remained offline.
Comentarii
Fii primul care comentează.

