The Warsaw-Praga District Prosecutor’s Office has launched an investigation into an unauthorized breach of Cyfrowy Polsat’s IT systems that compromised the personal data of 2,870,697 individual customers.
Investigation and Legal Proceedings
The Warsaw-Praga District Prosecutor’s Office in Warsaw initiated an investigation on May 6, 2026, regarding unauthorized access to part of Cyfrowy Polsat S.A.’s IT system. The breach is estimated to have occurred between April 20 and 24, 2026, via the internet from an undetermined location.
The case is registered under reference number 3042-1.Ds.70.2026 and involves acts defined under Article 267 § 1 and Article 267 § 2 of the Penal Code, in conjunction with Article 11 § 2. The proceedings were triggered by a notification from Cyfrowy Polsat’s representative, who reported abnormal server loads in April.
Scope of the Data Leak
Internal company activities indicated that security measures were bypassed, leading to the download and transmission of 2,870,697 records. The stolen personal data include full names, PESEL numbers, residential addresses, identity document details, phone numbers, and email addresses.
Law Enforcement Actions
Current investigative steps include witness interrogations and the securing and analysis of computer equipment, system data, and telecommunications records. Efforts are focused on determining the method of access, the full scale of the leak, and identifying the perpetrators, with some actions conducted via international cooperation.
The prosecutor’s office possesses the personal data of the victims but does not intend to interview everyone, as the event occurred without their knowledge. Individuals wishing to provide a statement may do so in writing or via email to the Warsaw-Praga District Prosecutor’s Office.
Company Response and Security Measures
Cyfrowy Polsat informed customers that it notified the President of the Personal Data Protection Office and law enforcement. The company stated that the incident affected data processed under electronic communications service agreements, including NIP or REGON numbers.
The company emphasized that no logins, passwords, or payment card data were leaked, meaning there is no need for users to change passwords or block cards. Upon detection, the company blocked access to the devices used in the attack, limited network access, and implemented additional system monitoring.
Recommended Actions for Victims
Cyfrowy Polsat suggested several remedial steps for affected individuals, such as reporting unauthorized attempts to use their data to the police and blocking their PESEL and identity documents.
Additionally, the company recommended using paid accounts in credit and economic information systems or setting up free accounts to monitor financial obligations through business information bureaus.
