**BELGRADE** — Within the span of just two months, Serbian government databases suffered at least four major security breaches, exposing sensitive personal information from nearly 700,000 citizens while state institutions responded with what cybersecurity experts characterize as troubling silence.

The cascade of breaches began in March 2026 when hackers compromised Telekom Srbija's m:SAT television subscriber database, exposing 688,884 records spanning six years. The leak included phone numbers for 95% of subscribers and 338,934 unique national identification numbers. More concerning for national security, the breach revealed contracts and personal data from employees of Serbia's Defense Ministry and military.

Telekom's CEO initially claimed the company had located the perpetrator using artificial intelligence, but provided no further public updates. The Special Department for High-Tech Crime at Belgrade's Higher Public Prosecutor's Office issued a brief statement mentioning international cooperation, then fell silent.

Weeks later, the Agency for Business Registries confirmed another breach after hackers issued a 24-hour ransom ultimatum and released sample data. Officials downplayed the incident as involving only "an external user account" that "in no way endangered" the agency's information system integrity.

In April, hundreds of gynecological patient records surfaced online, containing diagnoses, therapies, test results, marital status, and full contact information. The Health Ministry declined to comment. The Privacy Ombudsman opened an investigation but would not identify which institution was compromised.

Most recently, in May, hackers claimed to have penetrated the Ministry of Economy's website management system, obtaining administrator access and personal databases allegedly containing names, phone numbers, and email addresses.

"This is the ultimate product of negligence in state company leadership," cybersecurity specialist Vladimir Cicović told Raskrikavanje, an investigative journalism outlet. He warned that security incidents are being "systematically suppressed rather than systemically resolved."

Cicović emphasized that the real danger extends beyond initial data exposure. Combining datasets from multiple breaches enables sophisticated social engineering attacks, he explained, where criminals impersonate government authorities armed with accurate personal details to manipulate victims. "The next attacks will be even more advanced," he predicted.

Discussion on the r/serbia subreddit, where the investigation was shared, reflected citizen frustration with institutional indifference. The post garnered significant attention despite only six comments, suggesting resignation more than surprise among Serbians accustomed to opacity around state failures.

The breaches highlight broader challenges facing Balkan states seeking EU integration. Digital governance and cybersecurity infrastructure represent critical components of European standards, yet investment often lags behind more visible infrastructure projects.

In the Balkans, as across post-conflict regions, the path forward requires acknowledging the past without being imprisoned by it. Yet addressing systemic vulnerabilities requires first acknowledging their existence—something Serbian institutions appear reluctant to do.

The pattern raises questions about state capacity to protect citizen data in an increasingly digital age. As Serbia pursues EU accession negotiations, Brussels has emphasized rule of law and institutional transparency. Cybersecurity represents a tangible test of whether Serbian institutions can meet European governance standards.

Media inquiries to the Prosecutor's Office regarding the multiple breaches went unanswered. Citizens whose data was compromised have received no official notification or guidance about protecting themselves from potential identity theft or fraud.

The silence from institutions contrasts sharply with the vocal concern from cybersecurity professionals, who warn that without systemic reforms and accountability, the vulnerabilities will persist and the breaches will continue.