What Happened
On September 3, 2022, Lako do Posla, one of the largest Serbian employment agencies, suffered a data breach that exposed personal information of job seekers. The breach affected over 500,000 account details, including email addresses, full names, and phone numbers. Unlike similar attacks on Ukrainian employment agencies during the same period, the precise origin of the Lako do Posla attack remained unknown. The incident was notable for the company’s problematic response: Lako do Posla’s disclaimer stated that the service provider was not responsible for any data loss, leak, or misuse, and that users were responsible for their own data protection—a position that potentially violated GDPR-equivalent regulations in Serbia. The breach received limited media coverage and was not widely picked up by local cybersecurity professionals.
