Lithuanian companies targeted in GDPR scam

Hundreds of companies in Lithuania were targeted last week by a General Data Protection Regulation (GDPR) scam, with emails purportedly sent from the State Data Protection Inspectorate (VDAI) warning them that they were falling foul of GDPR regulations on their public websites and were risking fines of up to 4% of their annual revenue.

The authorities quickly became aware of the campaign as many worried company owners called in fearing the worst; the attackers’ servers were subsequently blocked, preventing the scam from spreading any further. The attackers were of course offering to help the companies fix their problems – for a price.

After the attack, the VDAI received a large number of enquiries around the topic of compliance, possibly indicating that many companies in Lithuania have yet to properly address the GDPR requirements.

The VDAI has warned that similar scams may appear in the next couple of weeks.

A copy of the email can be seen below:


Our earlier blog post on the ins and outs of GDPR can be found here.

Scroll to Top