Brinztech Alert: The Alleged Database of Connectivity Grant Government Portal is Leaked

Dark Web News Analysis

The dark web news reports a concerning data privacy incident involving the Government of Cyprus, specifically targeting the Connectivity Grant Government Portal (gigavoucher.dmrid.gov.cy). A threat actor is claiming to have extracted a database containing 72,921 lines of data on February 10, 2026.

The portal manages the “Gigabit Upgrade” subsidy scheme, which provides financial vouchers to residents upgrading their internet connections. The alleged leak contains highly sensitive Personally Identifiable Information (PII) of beneficiaries, including Full Names, Physical Addresses, National IDs, Dates of Birth, Email Addresses, and Phone Numbers. A significant portion of the data reportedly relates to customers of CYTA (Cyprus Telecommunications Authority), suggesting that subscribers of the national provider may be disproportionately affected.

Key Cybersecurity Insights

Breaches of government subsidy portals are “Tier 1” identity threats because they link citizens’ financial eligibility with their verified government identities:

• The “Voucher” Phishing Vector: The most immediate risk is targeted Spear Phishing. Attackers know exactly who applied for the grant, their provider (CYTA), and their address. They can send emails claiming, “Your Gigabit Voucher of €120 has been suspended pending ID verification.” Because the email cites real application details, the success rate of this scam is likely to be very high.
• National ID Exposure: The leak of National IDs and Dates of Birth is critical. In Cyprus, this combination is often used for identity verification in banking and government services (TAXISnet). Criminals can use this data to impersonate victims, apply for loans, or access other e-government services fraudulently.
• Supply Chain/Provider Risk: The heavy presence of CYTA data raises questions about where the breach occurred. Was it the central government portal (gigavoucher) itself, or was it an API vulnerability used by providers like CYTA to submit beneficiary data? If it’s an API breach, other providers (Epic, Primetel, Cablenet) might also be at risk via the same connector.
• Home Invasion Risk: The database links High-Speed Internet installations to Physical Addresses. While less common, sophisticated burglars sometimes use such lists to identify homes likely to have expensive electronics (gaming PCs, smart home devices) that require gigabit connections.

Mitigation Strategies

To protect Cypriot citizens and the integrity of the digital grant scheme, the following strategies are recommended:

• Official Confirmation: The Deputy Ministry of Research, Innovation and Digital Policy must urgently verify the claim. If confirmed, the gigavoucher portal should be taken offline for forensic analysis.
• Beneficiary Notification: All 72,921 affected individuals must be notified via SMS (using a verified sender ID). They should be warned that no government official will ask for bank details or passwords to “release” the voucher.
• CYTA Customer Alert: CYTA should issue a specific advisory to its subscriber base, warning them of potential impersonation attempts by fake support agents claiming to need remote access to “configure the gigabit upgrade.”
• ID Monitoring: Affected citizens should monitor their credit reports and bank statements closely. If National IDs were leaked, they may need to request a reissue of their documents to invalidate the stolen numbers.

Secure Your Business with Brinztech — Global Cybersecurity Solutions

Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback?

For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com