The Warsaw-Praga District Prosecutor’s Office has launched an investigation into the unauthorized access and theft of personal data belonging to 2,870,697 Cyfrowy Polsat customers in April 2026.
Prosecution Launches Investigation
The Warsaw-Praga District Prosecutor’s Office in Warsaw has initiated an inquiry into unauthorized access to part of the IT system of Cyfrowy Polsat S.A. According to the prosecutor’s office, the case involves the downloading of personal data from 2,870,697 individual customers.
The proceedings were launched on May 6, 2026. The unauthorized access is believed to have occurred between April 20 and 24, 2026, via the Internet from an undetermined location, resulting in the theft of 2,870,697 records.
Legal Proceedings and Detection
The case is being conducted under signature 3042-1.Ds.70.2026 and concerns acts defined under Article 267 § 1 and § 2 of the Penal Code in conjunction with Article 11 § 2 of the Penal Code. The notification was filed by the legal representative of Cyfrowy Polsat S.A., who reported abnormal server loads observed in April.
Internal company activities revealed that system security may have been bypassed, leading to the unauthorized downloading of individual customer data.
Scope of Compromised Data
The data specified by the prosecution includes full names, PESEL numbers, address details, identity document data, telephone numbers, and email addresses.
Investigative Actions
Current proceedings have included witness interrogations and the securing and analysis of computer equipment, IT and system data, and telecommunications data. The investigation aims to determine the method of unauthorized access, the scale of the leak, and the individuals involved, with some activities conducted through international cooperation.
The prosecution possesses the personal data of the victims but does not plan to interrogate all of them, as the event occurred without their knowledge. Those wishing to provide a statement may do so in writing or via email to the Warsaw-Praga District Prosecutor’s Office.
Cyfrowy Polsat’s Response
Cyfrowy Polsat informed customers that unauthorized access to personal data had occurred and notified the President of the Office for Personal Data Protection and law enforcement. The incident affected data processed under electronic communication service agreements, including names, correspondence addresses, phone numbers, emails, ID documents, PESEL, and NIP or REGON numbers.
The company emphasized that no customer passwords, login credentials, or payment card data were leaked, meaning there is no need for users to change passwords or block their cards.
Following the detection, the company blocked access to the devices used for the breach, restricted network access, disabled the compromised data, and introduced additional system monitoring.
Recommended Protective Measures
Cyfrowy Polsat suggested several remedies for affected individuals, including reporting unauthorized data use to the police and blocking PESEL numbers and identity documents.
The company also recommended using paid accounts in credit and economic information systems or opening free accounts at economic information bureaus to monitor financial liabilities.