MZOM: A data breach involving 560,700 users, no indication that the firewalls were compromised.
The Ministry of Science, Education, and Youth (MZOM) confirmed that 560,700 users of school systems were affected by a data leak incident. According to preliminary findings, the leaked data does not include compromised passwords or authentication systems. The ministry stated that schools will receive guidance from the National CERT on protecting against data leaks, and such advice is already publicly available on CARNET and National CERT websites. CARNET has activated procedures for managing security incidents and initiated technical and forensic analysis involving independent external experts. Preliminary results suggest the data was not taken from any CARNET system but resembles data from third-party systems. The ministry emphasized that users should remain cautious of messages requesting passwords or personal information, avoid opening suspicious links or attachments, and use strong, unique passwords. Users are advised to report any suspected fraud or irregularities immediately to [email protected]. The ministry has filed a criminal complaint against an unknown perpetrator for unauthorized data disclosure and reported the incident to the Personal Data Protection Agency. At this,
More than half a million students and teachers in Croatia have had their personal data leaked, sparking widespread concern and prompting immediate investigations. The breach involves names, surnames, roles, school names, and official email addresses of individuals associated with primary and secondary schools across the country. This incident has raised alarms about cybersecurity vulnerabilities within the Croatian education system and has led to urgent calls for increased awareness and protective measures among users.
The leak was first discovered when a cryptographically encrypted file containing hundreds of thousands of records was posted on an online forum. According to reports, the file includes information such as the full names of students and teachers, their respective schools, their roles (whether they are students or educators), and their official email addresses ending in "@skole.hr". These details were confirmed to be accurate after verification by journalists and experts who cross-checked them against real-life data related to their children and colleagues.
CARNET, the Croatian Academic and Research Network, which manages the national academic network and provides IT services to educational institutions, has acknowledged the breach and stated that it has initiated an extensive technical and forensic analysis to determine the origin of the data and how it ended up in the public domain. According to Ana Smoljo, deputy director of CARNET for digital identity and communications, preliminary results suggest that the data did not originate from CARNET's systems but rather resembles data from third-party systems. However, she emphasized that the investigation is ongoing and more concrete conclusions will follow once all analyses are completed.
Authorities have also taken notice of the situation. The Agency for the Protection of Personal Data (AZOP) has launched an urgent oversight process regarding CARNET due to the unauthorized disclosure of personal data. They have reminded users that while there is no indication that the operation of CARNET’s services has been compromised, vigilance remains crucial. AZOP has specifically advised parents to be cautious of potential phishing attempts targeting their children via email, urging them to avoid opening suspicious links or attachments and not to share personal information unless verified.
Educational authorities and officials have responded to the breach with caution and urgency. Minister of Justice, Administration, and Digital Transformation, Damir Habijan, warned that similar incidents could become increasingly common in the future, emphasizing the need for prevention, education, and strengthening security measures. On the other hand, Prime Minister Andrej Plenković downplayed the severity of the breach, stating that the leaked data primarily consisted of non-sensitive information such as typical email addresses used by students and teachers, which are not considered confidential.
The Ministry of Science, Education, and Youth has confirmed its awareness of the issue and is collaborating closely with CARNET to investigate further. They have also informed schools that they should advise students and staff to remain vigilant against potential cyber threats, particularly phishing attacks, which can exploit the exposure of personal data.
Experts in cybersecurity, including Nino Talian, have highlighted the seriousness of the breach despite the lack of evidence indicating a direct system penetration. He noted that while CARNET maintains high levels of security, no system is entirely immune to breaches. He urged organizations to regularly assess their risk levels, conduct thorough checks, and ensure appropriate organizational, technical, and procedural measures are in place.
As the investigation continues, the focus remains on identifying the source of the breach and implementing additional safeguards to prevent further leaks. The incident underscores the importance of maintaining robust cybersecurity practices and fostering a culture of awareness and caution among users, especially concerning the handling of personal information in digital environments.
Go to the primary sources (3)
The official sources this coverage is built on. Read them directly to bypass framing.
Following the discovery of a data leak involving over 560,000 Croatian students and teachers, expert Đuro Lubura warned against both dramatizing and downplaying the incident. He explained that while the leaked data includes names, surnames, email addresses, schools, and roles (student or teacher), this limited set of information does not immediately pose significant harm but could be used for targeted phishing attacks. Lubura emphasized that an investigation is needed to determine the exact cause of the breach. He noted that the data likely did not originate from CARNET’s system but may have come from third-party platforms like Microsoft or Google services used by students, which CARNET provides access credentials for. CARNET has initiated an internal investigation into the matter.
Bias read (Center): The article presents a balanced perspective, quoting an expert who cautions against both overreaction and underestimation of the issue. The framing remains neutral, focusing on technical aspects and the need for further investigation rather than taking a clear ideological stance.
HRT (Hrvatska radiotelevizija)State / PublicCenter3 days ago
A security breach has exposed personal data of approximately 560,000 students and teachers, raising concerns over data protection procedures. In an episode of 'U Mreži' on the first channel, the issue was discussed, highlighting the causes and potential consequences of the incident. Ana Smoljo, assistant director of CARNET, stated that the database included names, addresses, school names, and user roles, but there were no indications that passwords or authentication systems had been compromised. She explained that CARNET immediately initiated a security incident management process, including technical and forensic analysis by external experts. Preliminary results suggest the data did not originate from CARNET’s services but rather from third-party systems. A criminal report was filed against an unknown perpetrator for unauthorized disclosure of data, and the Ministry of Education reported the case to the Agency for Personal Data Protection. Marko Gulan, a cybersecurity expert, emphasized the severity of the incident due to the involvement of minors and questioned why such a large number of records went unnoticed. Duje Prkut, CEO of Politiscope, noted that data protection laws stipu
Bias read (Center): The article presents a balanced account of the incident, citing multiple sources including CARNET representatives, cybersecurity experts, and legal professionals. It does not take a clear ideological stance, focusing instead on factual reporting and procedural responses. The tone remains objective,雖
HRT (Hrvatska radiotelevizija)State / PublicCenter3 days ago
More than 560,000 Croatian students' and teachers' personal data were leaked online, sparking concerns over cybersecurity. In an interview with HRT's 'Studija 4,' expert Đuro Lubura stated that the data likely did not originate directly from CARNET, the national education infrastructure provider, but rather from third-party platforms like Microsoft or Google services used by students. He emphasized that while the leaked information—such as names, email addresses, and roles—does not immediately pose significant harm, it could be exploited for targeted phishing attacks. Lubura warned against both downplaying and exaggerating the incident, noting that such breaches are increasingly common in a digitized society. He also explained that the dark web, where the data appeared, hosts illegal activities under surveillance by security agencies.
Bias read (Center): The article presents technical analysis and expert opinion without overtly favoring any side. It avoids emotional language and provides balanced context about the breach, its potential risks, and the ongoing investigation. The framing remains neutral, focusing on facts and expert commentary rather
Over 560,000 personal records of Croatian students and teachers have been leaked, including their names, roles, school names, and official email addresses. The investigation into who stole the data and why is ongoing. CARNET, the academic and research network, stated that the data likely did not come from their systems but from third-party sources. They have initiated technical and forensic analyses to determine the origin. The Data Protection Agency has issued an emergency notice, while child rights lawyer Tatjana Katkić Stanić called for swift action from authorities. CARNET warned of increased risks of social engineering attacks like phishing. Minister Damir Habijan expects more such incidents in the future, while Prime Minister Andrej Plenković downplayed the severity, stating there were no sensitive details in the leaked emails.
Bias read (Center): The article presents information from multiple sources, including CARNET, the Data Protection Agency, and government officials, without overtly favoring any side. It includes quotes from both critics (child rights lawyer) and defenders (Prime Minister), providing a balanced view of the situation.
The article reports on a data breach involving over half a million student and staff records from Croatian schools. The data was reportedly leaked through an encrypted file shared on an internet forum, though the exact origin remains unclear. The Croatian Agency for Digital Transformation (CARNET) has confirmed that the data does not appear to have been stolen directly from their system but rather resembles data from third-party systems. They have initiated a criminal investigation against an unknown perpetrator and emphasized the importance of cybersecurity measures, education, and system strengthening. School administrators have warned students and staff to be cautious with electronic mail and avoid sharing personal information. Prime Minister Andrej Plenković stated that the data primarily consists of school email addresses and basic user information, not sensitive data.
Bias read (Center): The article presents a balanced account of the incident, citing multiple authorities including CARNET, school administrators, and government officials. It avoids taking sides on the political implications of the data breach, focusing instead on factual reporting and expert responses. While there is輕
HRT (Hrvatska radiotelevizija)State / PublicCenter4 days ago
A data breach involving over 560,000 students' and teachers' personal information from the Croatian public education system (CARNET) has raised concerns about cybersecurity. Cybersecurity expert Nino Talian warned of potential phishing attacks and emphasized the need for caution. The breach includes names, surnames, emails, and roles within the system, but there is no evidence of a direct hacker attack or system penetration. Talian noted that while CARNET has invested in cybersecurity measures, absolute security cannot be guaranteed. He stressed the importance of ongoing risk assessments, controls, and awareness across all levels of organizations.
Bias read (Center): The article presents a balanced overview of the cybersecurity incident, including expert commentary and technical details without overtly favoring any side. It focuses on the breach itself, the response by authorities, and general cybersecurity principles rather than taking a stance on political or官
More than 500,000 records containing personal information such as names, email addresses, and school names of students and staff were leaked into the public domain in Croatia. The data was reportedly published on an online forum in a cryptographically encrypted file. CARNET, the national research and education network, has launched a technical and forensic investigation to determine the origin of the leak and whether the data came from their system or from third-party systems. Authorities have warned schools and individuals to be cautious with emails and avoid sharing personal information or making payments based on suspicious messages. Prime Minister Andrej Plenković stated that the leaked data primarily consisted of non-sensitive information like school email addresses and basic user data. A rapid oversight process has been initiated against CARNET, and criminal charges are being prepared against an unknown perpetrator for unauthorized disclosure of over half a million records.
Bias read (Center): The article provides a balanced account of the data breach, including statements from CARNET, warnings from educational authorities, and comments from high-ranking officials like the Prime Minister and the Minister of Justice. There is no evident ideological framing or biased language; the focus is
A data breach involving personal information of students and teachers in Croatian schools has been reported, with 563,500 unique records leaked. The data includes names, user types, school names, and institutional email addresses ending in '@skole.hr'. This suggests the breach may involve a database maintained by the Croatian Academic and Research Network (CARNET). CARNET confirmed the breach and warned users of increased risks of targeted phishing attacks and social engineering. The Data Protection Agency (AZOP) initiated urgent oversight of CARNET under official duty due to unauthorized disclosure of personal data. AZOP emphasized that data controllers must report breaches within 72 hours unless unlikely to pose risks to individuals' rights. Parents were advised to monitor their children’s emails and warn them against suspicious links or sharing login credentials. The Ministry of Education confirmed involvement in handling the incident and stated there was no compromise of passwords or authentication systems. Guidelines from the National CERT for data breach protection have been shared with schools.
Bias read (Center): The article provides a balanced account of the data breach, including statements from CARNET, AZOP, and the Ministry of Education. It does not exhibit overtly biased language, one-sided sourcing, or omission of context. The focus is on informing the public about the breach and the measures being采取,
The Ministry of Science, Education, and Youth (MZOM) confirmed that 560,700 users of school systems were affected by a data leak incident. According to preliminary findings, the leaked data does not include compromised passwords or authentication systems. The ministry stated that schools will receive guidance from the National CERT on protecting against data leaks, and such advice is already publicly available on CARNET and National CERT websites. CARNET has activated procedures for managing security incidents and initiated technical and forensic analysis involving independent external experts. Preliminary results suggest the data was not taken from any CARNET system but resembles data from third-party systems. The ministry emphasized that users should remain cautious of messages requesting passwords or personal information, avoid opening suspicious links or attachments, and use strong, unique passwords. Users are advised to report any suspected fraud or irregularities immediately to [email protected]. The ministry has filed a criminal complaint against an unknown perpetrator for unauthorized data disclosure and reported the incident to the Personal Data Protection Agency. At this,
Bias read (Center): The article provides a balanced account of the data breach incident, including the number of affected users, the nature of the leaked data, and the steps being taken by authorities. It includes quotes from the ministry and mentions both the actions taken and the lack of evidence regarding password妥协
The Ministry of Science, Education, and Youth (MZOM) has confirmed involvement in addressing a data breach affecting 560,700 users of school systems. Preliminary findings suggest that passwords or authentication systems were not compromised, and the leaked data does not appear to originate from CARNET systems but resembles data from third-party systems. The ministry states that CARNET has initiated security incident management procedures, including technical and forensic analysis by independent experts. Users are advised to remain cautious of suspicious messages requesting personal information and to use strong, unique passwords and multi-factor authentication where available. The ministry has filed a criminal complaint against an unknown perpetrator for unauthorized data disclosure and reported the incident to the Personal Data Protection Agency. No immediate password changes are required at this time, though further measures will be communicated if necessary.
Bias read (Center): The article provides a balanced report on the data breach, citing the Ministry’s statements and outlining the steps being taken by CARNET and the National CERT. It includes warnings to users and mentions the filing of legal actions without taking a clear ideological stance or using biased language.
The Ministry of Science, Education, and Youth (MZOM) confirmed involvement in addressing a data leak affecting 560,700 users of school systems. According to preliminary findings, passwords or authentication systems were not compromised. The ministry stated that schools would receive guidance from the National CERT for data breach protection, and instructions are already publicly available on CARNET and National CERT websites. CARNET activated security incident management procedures and initiated technical and forensic analysis involving independent external experts. Preliminary results suggest the leaked data does not originate from CARNET systems but resembles data from third-party systems. The data includes names, email addresses, school names, and user roles. Users are advised to remain cautious of messages requesting passwords or personal information and to avoid opening suspicious links or attachments. They are encouraged to use strong, unique passwords and multi-factor authentication where possible. The ministry has filed a criminal complaint against an unknown perpetrator for unauthorized data disclosure and reported the incident to the Personal Data Protection Agency. There
Bias read (Center): The article provides a balanced report on a data breach incident involving educational institutions, focusing on the actions taken by the Ministry of Science, Education, and Youth, CARNET, and the National CERT. It presents factual information without overtly favoring any particular side or using sl
The Croatian Postal Bank (HPB) has warned its customers about increased phishing activity involving fake websites designed to trick users into verifying personal information. These fraudulent sites mimic HPB's legitimate online presence and attempt to collect sensitive data through deceptive links. The bank advises customers not to click on suspicious links or share personal information via email, WhatsApp, Viber, or other apps. This warning comes amid reports of heightened scammer activity targeting financial institutions' clients.
Bias read (Center): The article provides a straightforward warning from a financial institution about phishing scams without taking a stance on the issue. It presents factual information about the threat and offers clear advice to customers, avoiding any ideological or political framing.
The Agency for Personal Data Protection (AZOP) has initiated an investigation into CARNET over unauthorized disclosure of personal data involving students and teachers from Croatian schools. The agency announced this on Monday after public awareness of the breach. AZOP stated it will take necessary actions against responsible parties if they are involved. The Ministry of Science, Education, and Youth confirmed being informed about the unauthorized sharing of data related to approximately 560,000 students and educators. AZOP warned parents about increased phishing attempts and internet scams, urging them to monitor messages their children receive and advise them not to open suspicious links or share login credentials. Parents were advised to discuss online safety with their children and verify the authenticity of communications claiming to come from educational institutions.
Bias read (Center): The article presents factual information regarding a data protection issue without overtly favoring any political stance. It focuses on the regulatory response by AZOP and the advisory measures provided to parents, maintaining neutrality in its framing.
HRT (Hrvatska radiotelevizija)State / PublicCenter4 days ago
The Croatian Data Protection Agency (AZOP) has initiated an investigation into CARNET, the national IT service provider, following reports of unauthorized disclosure of personal data of students and teachers from Croatian schools. The agency emphasized that data protection officers must report incidents within 72 hours if there is a risk to individuals' rights and freedoms. While CARNET confirmed awareness of the unauthorized data sharing and is investigating the authenticity of the data, they stated that their services remain unaffected and user credentials and authentication systems have not been compromised. Parents are advised to monitor messages their children receive and warn them against opening suspicious links or sharing personal information.
Bias read (Center): The article presents a factual account of an ongoing regulatory investigation without overtly favoring any political stance. It provides balanced information regarding both the actions taken by AZOP and the response from CARNET, without emphasizing ideological positions or taking sides in the matter
The Croatian Data Protection Agency (AZOP) has initiated an urgent oversight procedure against CARNET after information emerged about the unauthorized publication of personal data of students and teachers from Croatian schools. The agency warns of increased risks of phishing attacks and other forms of internet fraud, particularly emphasizing the need for parents to monitor their children's email activity. According to GDPR regulations, data controllers are required to notify supervisory authorities within 72 hours of discovering a breach unless it is unlikely to pose a risk to individuals' rights and freedoms. AZOP states they have not yet received an official report of a data breach from CARNET but continue to monitor the situation and will take further legal measures if necessary.
Bias read (Center): The article presents factual information about a data protection issue involving educational institutions and the regulatory response by AZOP. It does not exhibit overtly biased language, one-sided sourcing, or omission of context. The content focuses on informing the public about potential risks of
The Croatian Data Protection Agency (AZOP) has initiated urgent oversight proceedings against CARNET after reports of unauthorized disclosure of personal data of students and teachers from Croatian schools. According to AZOP, this action was taken based on official duty following information about the breach. The agency emphasized that it had not yet received any reports from data controllers regarding the violation. In accordance with the General Data Protection Regulation (GDPR), data controllers are required to report such incidents within 72 hours unless it is unlikely to pose a risk to individuals' rights and freedoms. AZOP warned that the incident could lead to an increase in phishing attacks and other forms of online fraud targeting affected users. Parents were advised to monitor their children's emails and warn them not to open suspicious links or share usernames, passwords, or other personal information via email. CARNET confirmed that it became aware of the unauthorized sharing of data related to primary and secondary schools and immediately launched extensive technical and forensic analysis to determine the authenticity, scope, origin, and method by which the data came 2
Bias read (Center): The article presents the situation objectively, citing both AZOP and CARNET's responses without apparent bias. It includes warnings from AZOP and details from CARNET without taking a stance on who is at fault.
The Croatian Data Protection Agency (AZOP) has initiated urgent oversight proceedings against CARNET due to suspected unauthorized disclosure of personal data of students and teachers from Croatian schools. The agency stated that further actions will depend on the findings of the investigation and may involve other data processors if their involvement is confirmed. AZOP emphasized that no report of a data breach had been received from the data controller yet, as required by Article 33 of the General Data Protection Regulation. The incident reportedly involved email addresses of students and teachers, raising concerns about potential phishing attacks and online scams targeting these individuals. Parents were warned to be cautious of suspicious messages and to educate children about internet safety. Earlier reports indicated a significant data leak from Croatia's education system, with encrypted files containing hundreds of thousands of records, including names, roles, school names, and official email addresses. Analysis suggested some data was older, possibly originating from compromised applications or backup systems.
Bias read (Center): The article presents factual information about a data protection issue involving educational institutions and the relevant regulatory body. It does not exhibit clear ideological bias, loaded language, or one-sided sourcing. The content focuses on procedural actions taken by the Data ProtectionAgency
The Croatian Data Protection Agency (AZOP) has initiated urgent oversight proceedings against CARNET after reports of unauthorized disclosure of personal data of students and teachers from Croatian schools. CARNET confirmed it was aware of the incident and has begun a technical and forensic analysis to determine the authenticity, scope, and origin of the leaked data. The leaked information reportedly includes names, email addresses, school names, and user roles, though the full extent of the breach is still under investigation. AZOP emphasized that its oversight could expand to other entities if they are found to be involved in the incident. Additionally, AZOP warned that the exposure of email addresses could lead to increased phishing attacks targeting students and teachers, urging parents and educators to remain vigilant.
Bias read (Center): The article presents factual information about a data protection issue involving a national agency and an educational institution. It does not exhibit clear ideological framing, loaded language, or one-sided sourcing. The content focuses on procedural actions taken by AZOP and CARNET, with balanced,
The Data Protection Agency (AZOP) has initiated an urgent investigation into a data breach involving student and teacher information. According to AZOP, the investigation was launched based on currently available information about the incident, and further actions will be taken if other responsible parties are found to be involved. So far, AZOP has not received any reports of personal data breaches from the data controller. The agency reminds data controllers of their obligation under Article 33 of the General Data Protection Regulation (GDPR), which requires them to report data breaches to the supervisory authority within 72 hours of becoming aware of the incident, unless it is unlikely to pose a risk to individuals' rights and freedoms. AZOP has issued a warning about potential phishing attacks targeting students and teachers due to the exposure of email addresses in the breach. Parents are being specifically urged to monitor messages sent to their children’s email accounts and warn them against suspicious links or sharing login credentials and personal information via electronic mail.
Bias read (Center): The article provides a factual account of a data protection issue and does not exhibit clear ideological framing, loaded language, or one-sided sourcing. It focuses on procedural obligations under GDPR and includes warnings about cybersecurity risks without taking a stance on the matter.
A large data leak involving over 560,000 Croatian students and teachers has been reported after encrypted files containing personal information were published online. The files include names, email addresses, school names, and user roles. CARNET, which manages educational services in Croatia, confirmed they are analyzing the origin and scope of the leaked data but stated there is currently no indication that their services are at risk. They have warned users to be cautious of potential phishing attacks and urged them to avoid sharing personal information via email. The Ministry of Science, Education, and Youth also confirmed they are in communication with CARNET and conducting an investigation into the authenticity and extent of the leaked data. Meanwhile, a mother of a student who is enrolling in high school reported difficulties accessing the enrollment tracking website.
Bias read (Center): The article presents factual information about a data breach affecting educational institutions, with quotes from both CARNET and the Ministry of Science, Education, and Youth. It does not exhibit clear ideological bias, loaded language, or one-sided sourcing. The focus is on informing the public of
★
Keep the news honest.
ObjectiveNews is reader-funded and ad-free — we show you the bias instead of hiding it. Support independent journalism for €5/month.