Polish loan platform hacked; mobile payment system and other businesses disrupted

Polish authorities are investigating a series of cyberattacks that disrupted digital services and exposed personal data from several major companies, including a leading online lender and the country’s top mobile payment system.

Digital Affairs Minister Krzysztof Gawkowski said cyberattacks targeting Poland’s public and private infrastructure are becoming “commonplace.” 

“We’re seeing thousands of incidents reported daily,” he added.

The largest breach hit online loan platform SuperGrosz, operated by AIQLABS, which confirmed that cybercriminals had stolen personal data belonging to at least 10,000 customers. The leaked information includes names, addresses, ID and tax numbers, phone contacts, employment details and bank account numbers, the company said in a statement. It warned that the true scale of the attack could be higher and urged clients to monitor for fraudulent credit activity.

In a separate incident, hackers launched a distributed denial-of-service (DDoS) attack on Poland’s payment infrastructure, briefly disrupting Blik, the country’s leading mobile payment system used for instant transfers and cash withdrawals, according to Gawkowski. Blik said on Monday that services had been restored after “temporary problems with processing payments.”

Another attack targeted Nowa Itaka, Poland’s largest travel agency, leaking names, emails, and phone numbers of customers, according to Gawkowski. The company said booking details, financial data, and account passwords were not affected.

Authorities have not confirmed whether the incidents are linked, but Gawkowski said the attack on Blik “leads to Russia,” calling it “the next stage of hybrid warfare.” Officials across Europe have warned about Moscow’s expansion of influence, espionage and sabotage campaigns.

Poland, one of Ukraine’s key allies and a NATO member, has faced a growing number of cyber intrusions since Moscow’s invasion in 2022. Gawkowski warned that 2025 could become a record year for cyberattacks, with both state and criminal actors expanding their focus from local utilities to financial and energy systems.

“Russian activity is the most severe because it targets critical infrastructure essential to maintaining normal life,” he said in a recent interview.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
