LVM IT Expert: Stricter Security Requirements Ahead
Following the cyberattack on LVM's systems, IT director Māris Kuzmins stated that while systems have been secure, security requirements will be raised. He also noted that the attack exploited a system that had not been updated for two years.

Māris Kuzmins, Director of Information Technology Infrastructure and Development at "Latvijas valsts meži" (LVM), said on TV3's program "900 sekundes" that LVM's systems have been very secure, but after the cyberattack, security requirements will be tightened.
Kuzmins commented on reports that a seven-year-old vulnerability was used in the attack, saying that information is not entirely accurate. He explained that the breach was caused by a system that had not been updated for two years, a period he considers fairly normal.
"That database or system was exactly what we needed, but unfortunately it also had a vulnerability," Kuzmins said. He noted that the company repels many different attacks daily, but described this particular one as peculiar and unique.
The situation has stabilized but remains challenging. The "LVM GEO" map service is still not fully operational, and access has not been restored for about two-thirds of clients under contract. On Wednesday, partial restoration of "LVM GEO" is planned, with a more complete but not 100% restoration expected by the end of the week. Resolving remaining issues may take this week and possibly next.
Kuzmins confirmed no data loss has been detected because backup copies are maintained. Direct financial losses have not occurred, but time has been diverted to other tasks. However, personal data has been leaked – the extent and type are still being investigated. The data may involve users, service providers, and partners registered in LVM's systems.
The cyberattack was detected on June 22. External systems including "LVM GEO", the hunting app "Mednis", and several internal systems were shut down for security reasons. A foreign ransomware group claimed responsibility. The State Police have initiated a criminal investigation, and "Cert.lv" is involved in clarifying the incident.
The attacker had accessed the system on June 11, with active actions beginning on the night of June 22-23. "Cert.lv" reports that 44 gigabytes of data were leaked, mainly internal documents, emails, code repositories, certificates, and passwords. Cybersecurity expert Elviss Strazdiņš disclosed that the attackers demanded a ransom of 0.1% of LVM's annual revenue, more than €600,000. LVM states that no such demand was made directly, and the company would not pay a ransom.
/nginx/o/2026/07/08/17770138t1hd58c.jpg)

