Croatian authorities have launched an investigation after a major cybersecurity incident exposed the personal data of more than 560,000 students, teachers, and school employees, making it one of the largest data breaches ever recorded in the country’s education sector.
The breach affected the national education system managed by CARNET, Croatia’s academic and research network, which confirmed that unauthorized access had resulted in the leak of users’ personal information. The compromised data includes names, email addresses, school names, and user roles, although officials stressed that no passwords or financial information were exposed.
Following the discovery of the incident, CARNET announced that it had engaged external cybersecurity specialists to determine how the breach occurred, identify those responsible, and assess the full scope of the attack. Authorities have also begun a comprehensive security review of the affected systems.
The incident has raised serious concerns about the protection of personal information within Croatia’s digital education infrastructure, which serves hundreds of thousands of students and educators across the country. Experts warn that even without passwords being leaked, exposed personal data could potentially be used in phishing campaigns or other forms of cyber fraud.
Government officials have assured the public that the investigation is ongoing and that additional security measures will be introduced if weaknesses in the system are identified. Users of the affected platforms have also been advised to remain alert for suspicious emails or attempts to misuse their personal information.
The breach comes as Croatia continues expanding digital services in education, with more than half a million students, teachers, and academic staff relying on online platforms for everyday learning and communication. The incident is expected to prompt renewed debate over cybersecurity standards and data protection within the country’s public institutions.
