Play, BLIK, Nowa Itaka, the number of failures in Poland is increasing. This is how you should protect yourself
At the same time, the BLIK payment system today confirmed another external DDoS attack in recent days caused difficulties in generating codes and completing transactions. This is the second such situation in a short period, and banking operators reported scattered problems among their clients.
Over the weekend, the Minister of Digital Affairs also informed about two data breaches, i.e. an attack on the Supergrosz lending company and the leak of login data of some customers of the Nowa Itaka travel agency. These events, although of different types, show that the pressure on Polish financial and commercial services is real.
Check also: BLIK failure. Users were unable to use payments. Minister: It's an external attack
The number of attacks on Poland is increasing
System data confirm the upward trend. In September, CSIRT NASK registered 57.3 thousand reports and 26.4 thousand security incidents – by 30-40 percent more than on average in previous months. CERT Polska also added 25.2 thousand new malicious domains to the Warning List in September alone, and 160.6 thousand since the beginning of the year. These are hard indicators of growing cybercriminal activity on the Polish network.
Where does this growth come from? Seasonality contributed to this – November is the beginning of the shopping peak (Black Friday/Cyber Monday), when phishing, fake stores and frauds intensifywhich has been confirmed by NASK and state institutions for years. In such an environment, operational pressure also increases on payment gateways and settlement services, which become attractive targets for criminals.
Secondly, DDoS has become a service available “off the shelf” on the dark web. Industry reports from 2025 describe large-scale and automated DDoS, powered by botnets composed of vulnerable routers and IoT devices. Today, attackers do not need much competence to launch a multi-vector attack and attack banking, telecom or transaction services.
There is also a geopolitical factor in the background. Since the beginning of the war in Ukraine, Polish institutions have been regularly targeted by pro-Russian groupswhich specialize in DDoS attacks targeting administration and public services.
Companies should protect themselves better
You need to build resistance to DDoS and availability interruptions. This means implementing protection at the edge (scrubbing/Anycast by a specialized provider), good rate-limit and WAF policies, overload tests and ready runbooks in case of an attack, especially during critical sales and settlement windows. The practice of recent days has shown that even hours of disruption in payments or communication result in large losses and a reputational crisis.
Secondly identity and access need to be strengthened. Organizations should enforce phishing-resistant multi-factor authentication (e.g. hardware keys or passkeys) for employees and administration panels, minimize permissions, and strictly enforce updates and hardening of services exposed to the Internet. Theft of login data is the fastest way to escalate the incident.
You have to too assume a leak will happen — and prepare a response. Data encryption, immutable backups, network segmentation and regular IR/Tabletop exercises shorten response times, and prepared communication paths with clients and offices reduce chaos. Recent data leaks show that speed of notifications and transparency of actions are as important as fixing the problems themselves.
Users cannot ignore cybercriminals either
What can users do here and now? First of all, use unique, long passwords and enable 2FA wherever possiblepreferably using a 2FA app or dongle. This makes it significantly more difficult to take over the account even if our data appears in the leak.
Secondly, During periods of intense promotions, we should not click on links from text messages and instant messengers, but enter the addresses of stores and banks in the browser window ourselves.. Suspicious messages can be forwarded to CERT Polska on the number 8080, which helps quickly eliminate fake campaigns from circulation.
And third, in the event of payment issues or service interruptions, You must not repeat the transaction impulsively, but check the history of transactions with the bank and the supplier's messages. In the event of a data leak, it is worth turning on notifications and considering blocking your PESEL number and using alerts in the mObywatel application. These are simple actions that limit the effects of fraud or abuse.
