VYPR
breachPublished Jul 16, 2026· 1 source

Romanian Land Registry Crippled by Cyberattack, Data Allegedly for Sale

Romania's National Agency for Cadastre and Land Registration (ANCPI) has been hit by a cyberattack that disrupted its e-Terra system, with threat actors claiming to offer stolen data on the dark web.

Romania's National Agency for Cadastre and Land Registration (ANCPI) experienced a significant disruption on July 14th when its e-Terra cadastre and land registry application became inaccessible to users. Initially described as a major technical incident, the agency has since confirmed the event was a cyberattack, though investigations into the precise circumstances are ongoing.

The outage has had a direct impact on real estate transactions, halting many that were in progress. ANCPI estimated that the e-Terra application would remain unavailable until the end of that week, prompting concerns about business continuity and the reliance on digital systems. Experts have highlighted the critical need for robust backup and failover provisions in such essential digital infrastructure.

Adding to the severity of the incident, a threat actor known as "ByteToBreach" has surfaced on a dark web forum, claiming to possess and offer for sale data allegedly stolen from ANCPI. The actor's claims include compromising sensitive data of Romanian citizens, copying the agency's GitLab servers and source code, and deploying ransomware.

As proof of their intrusion, the threat actor provided screenshots taken during the attack. ByteToBreach has a documented history of selling data stolen from various global organizations, often employing a combination of exploiting known vulnerabilities, using compromised credentials, and leveraging brute-force or misconfiguration access.

Cyber threat intelligence firm KELA Cyber notes that ByteToBreach's modus operandi involves exfiltrating employee records, databases, backups, and sensitive documents, which are then sold or leaked. The firm has previously corroborated many of the actor's claims, suggesting a high likelihood that their current assertions regarding the ANCPI breach may be substantiated.

While ByteToBreach's claims remain unverified by ANCPI, their track record lends credibility to the possibility of a significant data exfiltration. The agency has stated that its IT systems' data was not compromised, but this assertion is directly challenged by the threat actor's public sale of alleged stolen information.

The incident underscores the persistent threats faced by government and land registry systems, which often hold vast amounts of sensitive personal and financial data. The potential sale of this data on the dark web poses a significant risk of identity theft, fraud, and further exploitation for affected individuals.

Investigations by competent state institutions are continuing to ascertain the full scope of the attack, the methods used by the threat actor, and the extent of any data compromise. The situation highlights the ongoing challenges in securing critical national infrastructure against sophisticated cyber threats.

Synthesized by Vypr AI