Cyber attack on Dom Development. Hackers were able to take over confidential customer data
Dom Development SA, one of the largest housing developers in Poland, confirms that fell victim to a serious cyber attack. The incident was detected on December 4, 2025. The attack resulted in unauthorized downloading of data from the company's systems. Initial analysis indicated that customers' personal data may also have been compromised.
The company argues that the operational activities of entities from the Dom Development group have not been disrupted. The relevant state authorities were immediately notified about the event, including the President of the Personal Data Protection Office and the Prosecutor's Office.
Dom Development fell victim to a hacker attack
The greatest concern is the scope of information that could end up in the hands of cybercriminals. Depending on the stage and nature of the relationship with the developer, both basic identification data were included in the databasesnames and surnames, residential addresses and contact details, as well as more sensitive information, incl PESEL and NIP numbers and data from identity documents. These include ID card numbers, expiration dates and names of issuing authorities.
Read also: Record profits for the developer leader. However, there are more than half the number of unsold apartments
The breach could also include financial and property data. This includes: about bank account numbers, debt information, land and mortgage register numbers and details of transactions concluded and products purchased. In some cases, the systems also contained health informationwhich further increases the importance of the incident from the point of view of privacy protection.
The scope of people potentially affected by the leak includes current and former clients, people interested in the company's offer, as well as representatives.
Taking over such an extensive information profile creates a real risk of data being used for crimes. The company warns in particular against the risk of identity theft and attempts to incur financial liabilitiesespecially in non-bank institutions, where verification procedures are less restrictive. Potential consequences may also include benefit fraud, abuse of civil rights, and an increase in phishing attempts and telephone fraud.
See also: The Price Transparency Act did not reduce rates. Apartment sales are growing
Dom Development urges caution
In response to the incident additional technical measures have been implemented to limit the effects of the attack, and too anti-phishing solutions. Procedures for securing and restoring data from backup copies have also been strengthened. The company also cooperates with external cybersecurity experts.
Customers and other persons potentially affected by the breach were advised to take preventive actions. In particular it is recommended to reserve the PESEL number via the mObywatel application. The company also urges you to be particularly careful with unexpected telephone and e-mail contacts, avoid clicking on suspicious links and not to share additional information with third parties.
Read also: “The market is very dynamic.” Dom Development assesses opportunities and threats for 2026.
Persons seeking detailed information about the incident or their rights may contact the Data Protection Inspector of Dom Development SA by e-mail at [email protected], or by post at the company's headquarters in Warsaw.
Dom Development SA has been operating on the Polish market since 1996 and is one of the largest and most experienced housing developers in the country.
