The Hellenic Agency for Local Development and Local Government S.A. (EETAA SA) suffered a cyberattack between March 1 and March 5, 2025, as identified by the company’s IT Department.
EETAA aims to provide scientific and technical support to first- and second-degree Local Government Organizations and their entities, as well as to Public and Social sector bodies on issues related to Local Governance and Development. Additionally, to achieve its objectives, it participates in a large number of Networks and Collaborations.
Investigation into Possible Data Breach
EETAA SA is investigating the possibility of a personal data breach affecting beneficiaries of the programs and initiatives it manages. Given the severity of the incident, the company promptly took action in accordance with the legal framework for data protection.
Actions Taken by EETAA SA
Specifically, the company proceeded with the following actions:
- Within 48 hours, it informed the Data Controllers of the affected programs (the Ministry of Social Cohesion & Family and the Ministry of National Economy & Finance) and submitted a detailed report to the Hellenic Data Protection Authority (HDPA), also notifying the Ministry of the Interior.
- Within 72 hours, it submitted a detailed report to the HDPA regarding the security incident.
- Immediately, it reported the incident to the National Cybersecurity Authority (NCA).
- Filed a criminal complaint against unknown perpetrators with the Cybercrime Division, which is now investigating the case.
Ongoing Restoration of IT Systems
EETAA SA is working intensively to restore the normal operation of its IT systems. The goal is to ensure the timely completion of payments under the program “Promotion and Support of Children in Early Childhood Education and Access for School-Age Children, Adolescents, and People with Disabilities to Creative Activity Services”, with a deadline of March 31, 2025.
The case remains under investigation, while the company awaits further instructions from the relevant authorities regarding the management of the security incident.