Poland hit by major cyberattack as hackers steal loan customers' data
Polish authorities are investigating a major cyberattack on an online loan platform that exposed the sensitive personal data of users and their families who have taken out loans.
Poland’s Deputy Prime Minister and Minister of Digital Affairs, Krzysztof Gawkowski, confirmed on Sunday via X that hackers had successfully targeted SuperGrosz, a financial services website.
He described the incident as “very serious,” saying that hackers had stolen personal data, including names, national ID numbers (PESEL), ID card data, home and email addresses, phone numbers, marital statuses, employment details, declared income, and bank account numbers.
⚠️KOLEJNY ATAK HAKERSKI ⚠️
undefined Krzysztof Gawkowski (@KGawkowski) November 2, 2025
Ostrzeżenie dla klientów serwisu Supergrosz (prowadzonego przez AIQLABS sp. z o.o.). W wyniku incydentu bezpieczeństwa dane części użytkowników trafiły w ręce przestępców.
Nad sprawą pracuje już CSIRT KNF i CSIRT NASK. Powiadomiony został Prezes…
“State services are working to identify the perpetrators,” Gawkowski wrote.
According to his statement, Poland’s national cybersecurity teams, CSIRT KNF (for financial institutions) and CSIRT NASK (for the national research network), have launched an investigation.
“The Personal Data Protection Office has also been notified,” he added.
Gawkowski urged all those affected to change passwords, enable two-factor authentication, and use the government’s mObywatel mobile app to block their PESEL number – a unique personal identification tool that can be used in cases of identity theft.
Have thoughts about this topic? Others do, too. Join them in the discussion.
“Such hacker attacks are becoming an everyday reality. Every company and institution should be as prepared as possible! Each of us must be especially cautious and alert to online fraud attempts. This is where criminals move, and this is where entire organized groups operate,” the politician’s X post read.
According to Polskie Radio, this incident follows another that occurred in the country on Saturday. BLIK, a mobile payment system, was temporarily out due to a DDoS attack on the national payment infrastructure.
Already at the time of announcing this news on X, Gawkowski claimed the situation was “returning to normal”.
⚠️WAŻNA INFORMACJA ⚠️
undefined Krzysztof Gawkowski (@KGawkowski) November 1, 2025
Od wczesnych godzin porannych obserwujemy zewnętrzny atak typu DDoS na polską infrastrukturę rozliczeniową, co wpływa na płynne działanie płatności - na przykład BLIKiem.
Trwają intensywne działania służb, aby wyeliminować skutki tego ataku.
Sytuacja…
Investigations into this weekend’s breaches are still ongoing, but are not new to Polish law enforcement. The country has faced a series of cyberattacks in recent months, many of which targeted strategic infrastructure, financial, and public sector systems.
Unlock more exclusive Cybernews content on YouTube.
