Skip to content

Romanian Land Registry Agency ANCPI Allegedly Breached and Hit With Ransomware, Citizen Data and Source Code for Sale

Breach Report Romania flagRomania Government Ransomware

Romanian Land Registry Agency ANCPI Allegedly Breached and Hit With Ransomware, Citizen Data and Source Code for Sale

A threat actor using the alias bytetobreach is advertising the sale of data they claim to have stolen from ANCPI, Romania's National Agency for Cadastre and Land Registration, which maintains the country's land-registry and property records. The actor describes a wide-ranging compromise of ANCPI's internal networks, claiming to have taken citizens' cadastre data along with a copy of the agency's source-code repositories for its core systems, and to have deployed ransomware. The actor links the incident to a recent government announcement that ANCPI's IT systems were shut down. The claim is unverified.

ScopeFull network
DataRecords + source code
CountryRomania flagRomania
Actorbytetobreach

Post details

TargetANCPI (land registry, gov)
CountryRomania flagRomania
SectorGovernment
ListingData for sale
DataCadastre records, source code
ImpactRansomware, IT shutdown claimed
Observed
Actorbytetobreach

!Allegedly included

  • Romanian citizens' cadastre data
  • Land-registry / property records
  • Internal databases
  • Source-code repositories
  • Core system source code
  • Ransomware deployment (claimed)
  • Linked to a government IT shutdown
  • Offered for sale

Screenshot

Potential impact

A compromise of a national land-registry agency is severe because its records underpin property ownership, transactions, and citizens' personal and address data across the entire country. Theft of the agency's source code would expose how its core systems work and aid future attacks, while a ransomware deployment against government infrastructure can disrupt essential public services, consistent with the reported shutdown of ANCPI's IT systems. If genuine, the exposure carries lasting risks of fraud, property-related crime, and identity theft for affected citizens. The claim is unverified.

iStatus

Unverified

This is a sale listing that also describes a network intrusion and a claimed ransomware deployment, promoted with multiple distribution and contact channels. The actor separately references a government notice about an IT-systems shutdown at the agency. The claim is unverified and ANCPI has not publicly confirmed the extent of any breach.

Want everything on this breach? Paid subscribers get the full claim details and more. Check out the threat feed, then after subscribing, search there for this alert. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Latest