What happened in the cyberattack on the Serbian Business Registers Agency (APR)?

The Serbian Business Registers Agency (Agencija za privredne registre — APR) was targeted in a cyberattack reported on March 20, 2026. A threat actor claimed to possess sensitive data including full names, national identification numbers (JMBG), home addresses, copies of identity cards and passports, financial reports, bank account details, share ownership records, professional licenses, and court documents. The APR stated that an external user account used to access one of its application systems had been compromised.

What data was allegedly exposed in the APR cyberattack?

The threat actor claimed to be in possession of full names, national identification numbers (JMBG), home addresses, copies of identity cards and passports, financial reports and credit scores, bank account details and forced collection records, share ownership and real estate records, professional licenses, and court prohibitions, liens, and leasing contracts.

How did the APR respond to the cyberattack?

The APR stated that after a thorough investigation, an external user account accessing one of its application systems had been compromised. The Agency characterized the event as an isolated incident and asserted that it did not jeopardize the security or integrity of its overall information system. The APR claims its databases were not compromised and that all personal and user data submitted through its application systems remained fully secure.

Is the APR cyberattack connected to the Telekom Serbia data breach?

The APR cyberattack occurred just three days after a major data breach at Telekom Serbia that exposed approximately 160,000 customer records. While no direct connection between the two incidents has been confirmed, the Serbian Commissioner for Information of Public Importance had already launched proceedings in connection with the Telekom Serbia breach, and additional scrutiny of the APR incident is expected.

How many people were affected by the APR cyberattack?

The number of affected individuals and the nature of the attack have not been disclosed by the APR. However, the threat actor's claims regarding identity documents, financial records, and bank account data suggest exposure well beyond what is publicly accessible through the APR's registries under Serbian law.

Incident

Serbia's Business Registers Agency Targeted by Threat Actor Linked to Telekom Serbia Breach

published: March 20, 2026

Learn More

The Serbian Business Registers Agency (Agencija za privredne registre - APR), the government institution responsible for maintaining records on all registered companies, entrepreneurs, and legal entities in Serbia, has been targeted in a cyberattack. The incident, reported on March 20, 2026, occurred just three days after a major data breach at Telekom Serbia that exposed approximately 160,000 customer records.

The threat actor claimed to be in possession of a significant volume of sensitive data including:

full names,
national identification numbers (JMBG),
home addresses,
copies of identity cards and passports,
financial reports and credit scores,
bank account details and forced collection records,
share ownership and real estate records,
professional licenses,
court prohibitions, liens, and leasing contracts.

The APR responded by stating that after a thorough investigation, it was determined that an external user account used to access one of the Agency's application systems had been compromised. The Agency characterized the event as an "isolated incident" and asserts that it did not in any way jeopardize the security or integrity of its overall information system, which continued to operate without disruption. The APR claims that its databases were not compromised and that all personal and other user data submitted through its application systems remained fully secure.

The number of affected individuals and the nature of the attack have not been disclosed. The APR reminded the public that data and documents in its registries are publicly available through its website in accordance with Serbian law.

The threat actor's claims, especially regarding identity documents, financial records, and bank account data suggest exposure well beyond what is publicly accessible. The Serbian Commissioner for Information of Public Importance has already launched proceedings in connection with the earlier Telekom Serbia breach, and additional scrutiny of this incident is expected.

Serbia's Business Registers Agency Targeted by Threat Actor Linked to Telekom Serbia Breach

Read More
France employment agency Travail reports second data breach …
Department of Defense is reporting on the 2023 …
Calvia local government reports cyberattack
Newburgh city reports ransomware attack
NoName ransomware gang claims attacks on Ukraine government …