PM reveals hacker breached LVM system on June 11
Prime Minister Andris Kulbergs announced that a hacker entered the system of Latvijas Valsts meži (LVM) on June 11, but began active operations on the night of June 22-23. The company has recovered 85% of the data, but the PM criticized the lack of anomaly detection tools.

Prime Minister Andris Kulbergs revealed on Thursday after a Cabinet meeting that a hacker had entered the system of AS "Latvijas Valsts meži" (LVM) as early as June 11, but started actual operations on the night of June 22-23. Kulbergs noted that the hacker operated undisturbed for several days due to the absence of anomaly detection tools in the system.
Kulbergs emphasized that no one is immune to cyberattacks and such incidents occur frequently. He is still determining specific responsibilities but criticized LVM for failing to implement requirements of the National Cybersecurity Law, which an auditor had overlooked. Currently, LVM has recovered 85% of the data obtained by the hacker. The PM stated there is no threat to the state, but the status of sensitive information will be discussed in a separate meeting.
Kulbergs reiterated that neither the election system nor the module managed by LVM was affected. He also admitted a lack of a single responsible coordinator in the country, suggesting that the Crisis Management Center should take on that role. Since Kulbergs was abroad when the attack was discovered, Defense Minister Raivis Melnis convened the meeting on June 25.
Melnis emphasized to journalists that cybersecurity is the responsibility of every institution and individual, and Latvian authorities are capable of providing synchronized support. Meeting participants agreed that LVM will handle public communication, supported by Cert.lv and the Crisis Management Center. LVM is cooperating with Cert.lv and other competent organizations in incident response.
The Ministry of Defense, along with partners, promises to support the implementation of business continuity plans in institutions. The PM announced he will issue a resolution designating responsibilities for each party.
The cyberattack on LVM was detected on June 22, leading to the shutdown of several external and internal IT systems. A foreign ransomware group claimed responsibility. The State Police has initiated criminal proceedings, and Cert.lv is involved. Cybersecurity expert Elviss Strazdiņš previously revealed that the attackers demanded a ransom of over €600,000.
/nginx/o/2026/04/20/17573457t1h086f.jpg)

