Telekom Srbija Suffers Data Breach and Extortion Attempt Targeting m:SAT TV Users

Telekom Srbija, a telecommunications provider in Serbia, confirms a data breach on March 17, 2026. 

The incident targeted the database for its satellite television service, m:SAT TV. A threat actor group claimed responsibility for the breach and attempted to extort the company for an undisclosed amount of Bitcoin. The company officially acknowledged the incident following reports that a portion of their user database had been compromised.

The company described the attackers as an amateur group. Third-party reports indicate the breach originated from the exploitation of an internal scheduling portal. The attackers allegedly stole a database containing records for approximately 160,000 users. The threat actors remained in contact with the company following the theft, leading to a coordinated investigation involving the Serbian Ministry of Internal Affairs and the Department for High-Tech Crime.

The compromised data includes:

• Full names
• Residential addresses
• Dates of birth
• Phone numbers
• National ID numbers (disputed)

The number of affected individuals is approximately 160,000. The company claims sensitive identifiers like national IDs were not included but independent reports from platforms like Daily Dark Web suggest the leak contains highly sensitive personal identifiable information. 

Update - the threat actors have apparently leaked a file of 650,000+ records. 

Telekom Srbija immediately notified the Department for High-Tech Crime and began working with law enforcement to identify the perpetrators. The company's CEO, Vladimir Lučić, stated that they are using existing mechanisms to protect intellectual property and prevent the data from appearing online. 

The company maintains that telecommunications services is not interrupted and secure.