Cyberattack on LVM Carried Out Through System Unupdated for Two Years
The IT director of Latvia's state-owned forest company LVM reveals that the cyberattack exploited a system that had not been updated for two years, and data analysis is ongoing.
/nginx/o/2026/03/19/17518483t1h7c34.jpg)
Māris Kuzmins, Director of Information Technology Infrastructure and Development at AS "Latvijas valsts meži" (LVM), stated on TV3's program "900 sekundes" that the cyberattack on the company occurred through a system that had not been updated for two years. He refuted earlier reports of a seven-year-old vulnerability, calling them inaccurate.
Kuzmins explained that the system was necessary for the company's operations but contained a vulnerability. He emphasized that LVM's systems had been secure so far, but even stricter security measures will be implemented in the future. The situation has now stabilized, but work continues to restore full functionality.
The "LVM GEO" map service system is still not operational, and access has not been restored for approximately two-thirds of contract clients. It is expected that "LVM GEO" will be partially available on Wednesday, with full restoration possibly taking until the end of the week or next week.
No data loss has been detected so far due to multiple backup levels. However, Kuzmins acknowledged that personal data has been leaked, and the exact scope and type are being determined. The data may belong to registered users, service providers, and partners.
The cyberattack was detected on June 22, and a foreign ransomware group claimed responsibility. The State Police have launched a criminal investigation, and "Cert.lv" is involved in clarifying the incident. Previously, "Cert.lv" stated that 44 gigabytes of data were leaked, including internal documents, emails, code repositories, certificates, and passwords.
Cybersecurity expert Elviss Strazdiņš claimed that the attackers demanded a ransom of 0.1% of LVM's annual revenue, equivalent to over 600,000 euros. However, LVM confirmed that no such demand was received, and even if it were, the company would not pay.
/nginx/o/2026/07/08/17770138t1hd58c.jpg)

