By Miša Brkić
What do the Ministry of Justice, EPS, the Military Academy, the Cadastre, the Ministry of Defence, the Military Medical Academy (VMA), the Business Registers Agency (APR), Telekom Srbija… all have in common?
A cyberattack!
All of these state institutions and companies have recently been targets of cybercriminal attacks that have damaged their reputations, caused significant harm, and jeopardised the privacy of their clients and users. For example, the judicial information system was so severely disabled that, for about a month, not a single property transaction could be registered in the cadastre, as property records were not being updated.
The attacker of the Business Registers Agency’s data centre claimed to have “captured” a database containing a range of confidential information – from names, personal ID numbers and addresses of company owners, to scanned ID cards and passports, as well as bank account details. The theft of data belonging to 600,000 subscribers of Telekom Serbia’s m:SAT TV service – covering names, personal identification numbers, addresses, and even health-related information from January 2019 to December 2025 – drew major attention and once again highlighted the “dark” side of technological progress and the misuse of artificial intelligence. At the same time, it underscored the urgent need for more robust and advanced cybersecurity techniques and methods.
The rapid expansion of artificial intelligence and other cutting-edge technologies inevitably leads to more sophisticated crimes in the digital space. Experts’ warnings that Serbia – its state digital infrastructure and the data centres of industrial, telecommunications, retail and insurance companies, as well as banks – could face even more severe cybercrime this year point to the urgent need for better education and awareness. It is not enough to secure infrastructure, systems and networks with robust cybersecurity protocols alone.
The sophistication of the cyberattack on one of Telekom’s databases, and the resulting breach of user privacy, does not absolve the company of potential responsibility. The relevant state authorities will have to conduct an investigation to establish all the facts. This is important not only for Telekom and its clients, but also for the long-term approach to combating cybercrime, as trends clearly indicate further escalation in the misuse of artificial intelligence in the hands of criminals.
Telekom Serbia is not an isolated case among global telecommunications companies whose databases have been compromised. In March 2024, the American company AT&T announced that names, addresses, phone numbers, dates of birth, Social Security numbers and account PINs of around 7.6 million active and approximately 65.4 million former users had been found on the dark web.
In April 2025, cybercriminals breached the central system (Home Subscriber Server) of South Korea’s SK Telecom – the largest mobile operator with 25 million users – and accessed 25 types of data, including phone numbers, IMSI identifiers and SIM authentication keys.
An intelligent state or artificial intelligence run amok
The database of the Belgian company Orange was attacked in July last year, with cybercriminals gaining unauthorised access to the data of around 850,000 users. The third-largest French telecom operator, Bouygues Telecom, was breached in August last year, with attackers obtaining personal data from approximately 6.4 million accounts. In February this year, the Dutch provider Odido (formerly T-Mobile Netherlands) suffered a major cyberattack that enabled unauthorised access to a contact system involving 6.2 million users.
Cyberattacks are not limited to telecommunications companies.
In the second half of last year, cybercriminals had continuous unauthorised access to names, email addresses, phone numbers, home addresses, Social Security numbers and dates of birth of PayPal users. In November last year, 203 million records containing personal data were compromised in the KYC (“Know Your Customer”) database of the American company IDMerit, which specialises in identity verification solutions designed to prevent fraud and mitigate cyberattack risks.
In the same month, personal data and phone numbers of around 5.7 million passengers of the Australian airline Qantas Airways were leaked. On the penultimate day of last year, 400,000 sensitive medical documents relating to 120,000 patients were stolen from New Zealand’s ManageMyHealth portal. Similar cyberattacks had previously affected, among others, Dior, UniCredit Bank, Schneider Electric and Tesla Motors (a minor curiosity – the personal data of CEO Elon Musk was also exposed).
The development of artificial intelligence has enabled cybercriminals to stay one step ahead, regardless of the strength of security measures. CrowdStrike’s Global Threat Report for 2026 shows that the average breakout time has decreased by 65%, with attackers now needing an average of just 29 minutes to compromise data.
According to data from the European Institute for Management and Technology, global cybercrime is expected to cost the world $10.5 trillion this year – equivalent to twice Germany’s GDP. This serves as a stark warning that cybersecurity must be strengthened in every company, as well as within states and their institutions.
Dozens of conferences dedicated to protection against cybercrime are organised worldwide every day. The most recent major event was the Artificial Intelligence Fair in New Delhi, and it is no coincidence that one of its most important panels focused on cybersecurity. Participants included leading figures from major global technology companies and representatives of countries that are highly advanced in the use of data centres and artificial intelligence.
In the recently presented Serbia 2030 project, the construction of three additional large state data centres (in Belgrade, Niš, and another in Kragujevac) has been announced. In addition to state institutions and organisations, private companies will also be able to use their services. Many banks, retail firms, telecom operators and manufacturing companies are already building their own data centres, where they store data on millions of clients.
The latest cases, such as those involving the APR and Telekom, serve as a reminder that infrastructure is important – but knowledge and awareness of the need for protection must be deeply embedded in the fight against cybercrime. This is not just about safeguarding the reputation of the state, institutions and companies, but something far more important: protecting the privacy of consumers, users and clients.
(Danas, 31.03.2026)
https://www.danas.rs/kolumna/misa-brkic/raspojasani-sajber-kriminal/
Click Here For The Original Source.
