A new wave of cyberattacks has hit several websites in Croatia, including government-related pages, local institutions and private companies, raising concerns over the country’s digital security response.
The incidents are being linked to a hacker group calling itself INF Group, which recently claimed responsibility for attacks on Croatian web pages. One of the most notable cases involved the website of Croatia’s Ministry of Labor, Pension System, Family and Social Policy, where a section of the site was briefly altered and used to display political and nationalist messages.
Croatian officials have publicly downplayed the incident, saying the attack was limited to the public-facing website and did not affect internal databases or sensitive systems. The ministry said the compromised account was used only for access to the website’s content management system and that the incident had been reported through the country’s cyber incident platform.
However, the hacker group has claimed a much larger breach. According to posts circulating on hacker forums and Telegram channels, the group alleges it obtained tens of thousands of records containing private information belonging to Croatian citizens and companies, including names, identification numbers, dates of birth and data connected to paid fines and court-related records.
Croatia’s Personal Data Protection Agency said it had not received an official personal data breach report from the ministry, but it has opened a procedure on its own initiative to determine whether personal information was exposed.
The attacks appear to go beyond a single government website. In recent days, altered pages and provocative messages have reportedly appeared on websites connected to several Croatian institutions, including health services, the City of Zagreb and multiple private companies.
Cybersecurity observers say the campaign may be more focused on publicity and provocation than direct financial gain. Still, the alleged exposure of personal data on dark web platforms has raised questions about whether affected citizens will be properly notified and whether Croatian authorities are responding quickly enough.
The group is believed to be newly active and is reportedly trying to build credibility through public defacements and claims of data theft. For Croatian institutions, the incidents highlight a broader vulnerability: even attacks that begin with a compromised website password can damage public trust if the full scope of the breach is not quickly and transparently explained.
