The recent exposure of over 560,000 personal records of Croatian students and teachers has sparked significant concern among educators, parents, and cybersecurity experts. The data, which includes names, email addresses, school affiliations, and user roles, was publicly shared on an internet forum, raising alarms about potential breaches in the country’s educational system. According to reports from local media outlets such as *Dnevnik.hr* and *Dnevni avaz*, the breach involves a cryptographically encrypted file containing sensitive information linked to more than 1,452 schools across Croatia. This incident marks one of the largest security incidents in the history of public institutions in the country.
The data, which appears to have been sourced directly from the national education system, contains precise and verifiable entries. Reporters from *Dnevnik.hr* confirmed the authenticity of the data by cross-referencing it with their own children's information, as well as that of colleagues and affiliated schools. The file reportedly holds exactly 563,509 unique entries, each including the full name of the student or teacher, the name of their school, and their official email address, all under the domain *@skole.hr*. Notably, the database includes records of older students but lacks entries for younger ones, suggesting either a partial backup or a specific method of data retrieval that excludes certain age groups.
This anomaly has led cybersecurity professionals to consider two possible explanations for the breach. One theory suggests that the data might have leaked through a connected application that only retrieves active accounts, which are typically used by older students. Another possibility points toward an outdated security backup that includes former generations of students, while the youngest students remain excluded. These findings highlight the complexity of identifying the exact origin of the breach, as the data seems to span multiple years and potentially different systems within the educational infrastructure.
In response to the breach, the Croatian Academic and Research Network (CARNET) issued a statement warning users about increased risks of targeted phishing attacks and other forms of social engineering. While there is currently no indication that the network itself has been compromised, CARNET emphasized the importance of heightened vigilance when receiving unsolicited emails requesting personal information. They also assured the public that there is no immediate need to change passwords unless further investigations reveal vulnerabilities. However, they pledged to keep the public informed through official channels as the investigation progresses.
The incident has raised serious concerns about the safety of personal data, especially given the large number of minors affected. Cybersecurity experts warn that the availability of this information could facilitate identity theft, fraud, and other malicious activities online. Parents and educators alike are now urged to monitor their digital presence and take additional precautions to protect their families and students. As the situation unfolds, the Ministry of Science, Education, and Youth has yet to officially comment on the matter, though ongoing investigations are expected to clarify the extent of the breach and determine responsibility.
With the public now aware of the breach, the focus shifts to how best to mitigate its impact and prevent similar incidents in the future. The involvement of both local media and national research networks underscores the gravity of the issue and the need for coordinated efforts to safeguard educational data. As the investigation continues, the broader implications for data privacy and institutional security will likely shape the discourse around digital safety in Croatia’s educational sector.
2 reports
N1 Bosna i HercegovinaIndependentCenter6 days ago Leaked data on more than 560,000 Croatian students and teachersA large security breach has occurred in Croatia's education system, with over 563,509 records of students, teachers, and other users from 1,452 educational institutions being publicly shared on an internet forum. The data includes names, email addresses with the domain @skole.hr, school names, and user roles. The breach was discovered by journalists at Dnevnik.hr who verified the accuracy of the data through personal checks. Experts suggest the data might come from an outdated backup system or a connected application using active accounts. While there is no indication that login credentials were exposed, cybersecurity experts warn of increased risks of phishing attacks and identity theft. CARNET, a Croatian academic network, has launched an investigation into the origin of the data and advises users to remain cautious when receiving emails requesting personal information.
Bias read (Center): The article presents a factual report on a cybersecurity incident without overtly criticizing or praising any political entity. It focuses on the technical and institutional implications of the data leak rather than taking a partisan stance. The framing remains neutral, emphasizing expert warnings,
Dnevni avazParty-alignedCenter6 days ago Procurili podaci više od 560 hiljada hrvatskih učenika i nastavnikaA large data breach affecting over 560,000 students and teachers in Croatia has come to light, marking one of the largest security incidents in the country's history of public institutions. The incident was first reported on an internet forum, where a encrypted file containing personal information was shared. After verification by Dnevnik.hr, it was confirmed that the data is authentic and not a false alarm or test data. Analysis revealed that the database includes names, school addresses, user types, and email addresses with the domain @skole.hr, covering 1,452 schools. Notably, there were no records of younger students, suggesting possible issues with data collection methods. Experts consider two possibilities: either the data leaked through educational applications or it is an older backup copy of the system. Given the nature of the data, cybersecurity experts warn of potential risks such as phishing attacks. The Ministry of Science and Education has yet to officially confirm the extent of the breach.
Bias read (Center): The article presents a factual report on a significant data breach without overtly criticizing or praising any political entity or ideology. It focuses on the technical and security aspects of the incident rather than taking a partisan stance. While the implications of the breach could have broader,
★
Keep the news honest.
ObjectiveNews is reader-funded and ad-free — we show you the bias instead of hiding it. Support independent journalism for €5/month.
Become a Supporter