CROATIA: Market authority reports cyber-attack on its computer system and the recovery measures

31 January 2024 — Daniela GHETU

The Croatian Financial Services Supervisory Agency (Hanfa) suffered a cyber-attack on its computer system on January 23, 2024. Both the causes and consequences of the attack are still under investigation, HANFA cooperating with all competent authorities to this end and to determine the total damage.

In cooperation with the competent institutions and external IT partners, immediately after the attack, HANFA started the urgent rehabilitation and recovery of the digital system. Hanfa's internal team, which includes employees from various fields, is working on this, with the additional engagement of external independent experts, the institution reported in a press release.

Thus, on Thursday, January 25, complete electronic communication was established, and the HANFA website was almost completely restored.

In the second phase, the publication of public registers and the renewal of the page for registered users of the HANFA reporting system (Reports) are expected. Therefore, the market authority asks all users of its information, the financial market and the general public for their understanding, because they will not be able to use the above in the upcoming period.

“HANFA, acting in accordance with the current regulations and taking into account the possible risk to the rights and freedoms of the individual, reported the incident to the competent authority for the protection of personal data and is doing everything to prevent the personal data of the respondents from being compromised. Security and protection of personal data and privacy are extremely important to us, and therefore we will regularly inform all respondents of new findings. Further measures of notifying the respondents are under consideration and depend on the results of the monitoring and internal and external investigations,” the institution stated, adding that regardless of the course of the event, it continues with regular work within its jurisdiction and are in direct contact with the subjects of supervision for the regular delivery and submission of all reports.

HANFA suggest that citizens continue to send their complaints related to non-banking financial services to the address as before. At the same time, it asks them to repeat all the inquiries that HANFA sent electronically on January 23 and 24, 2024, and send them to the same address. The contacts of all other services for all other inquiries can be found here .

In case of concern about personal data, respondents can contact the data protection officer at . Further information will be released after the completion of the investigation and after implementing the new functionalities of HANFA’s system.