Cyberattack on the City of Split: Unauthorized Access to City Administration System

The City of Split has confirmed a serious cyber security incident after it was discovered that an unknown individual had unauthorized access to the city administration’s information system for several months. During that period, from June 10 to October 9, 2025, the attacker was able to view citizens’ personal data, compromising the confidentiality of information from official records.

According to the City’s statement, the incident was discovered following an internal system review, after which IT specialists immediately took measures to contain the breach and prevent further access. “The system is now fully secured, and additional security procedures have been implemented to prevent similar incidents in the future,” the statement reads.

The City of Split announced that a detailed forensic analysis will be conducted to determine the extent of the compromise and identify which databases were accessed by the attacker. Special attention will be given to potential leaks of sensitive personal information, including data related to children, medical documentation, and bank account numbers.

All citizens whose data may have been compromised will be individually notified, while a dedicated email address — SZOP@split.hr — has been opened for reporting any suspected misuse.
The Agency for the Protection of Personal Data (AZOP) confirmed that the City of Split submitted an official report on the data breach in accordance with Article 33 of the General Data Protection Regulation (GDPR) and that an urgent supervisory procedure has been initiated.