With only two months remaining before Hungary’s parliamentary elections, a major controversy has emerged concerning the vulnerability of the main opposition party’s digital infrastructure. Cybersecurity specialists reported a breach involving the Lunda platform used by the Tisza Party to collect donations. On 3 February, the matter moved beyond speculation when a file reportedly containing data on the first thousand financial contributors was published on the closed hacker forum LeakBase.
The choice of publication venue was notable: the same forum had allegedly been used in November last year to offer for sale data allegedly taken from the Tisza Party’s application. The present leak, however, appears to involve more sensitive material. The disclosed portion of the database reportedly includes not only supporters’ names, telephone numbers, and email addresses, but also records of their financial transfers. According to reports, the data reveal the precise amounts donated by individuals and the specific projects or initiatives they supported.
Such a level of detail could pose significant risks for tens of thousands of opposition supporters. Information relating to payment transactions may be exploited by fraudsters: knowledge of exact sums and dates can enable scams to appear highly credible. In addition, the loss of anonymity for donors to a political party inevitably raises concerns about potential pressure or intimidation.
It is also notable that questions regarding the security of the Lunda platform had been raised prior to the current incident. As early as spring 2024, when Péter Magyar’s movement launched its website, Hungary’s Sovereignty Protection Office warned of potential risks associated with the service. The platform is owned by the Austrian company Estratos Digital, and experts at the time cautioned that transferring Hungarian voter data into such a system could create issues due to limited transparency around data processing. The present incident may be seen by some observers as reinforcing earlier concerns about systemic vulnerabilities in the party’s digital tools.
Cybersecurity specialists generally note that even a partial database disclosure can indicate broader system compromise. In the current circumstances, information-security experts are advising anyone who has ever transferred funds via the Lunda platform not to wait for official statements but to take precautionary action. The most prudent step is to contact one’s bank immediately, block any cards used for donations, and request replacements. This is widely regarded as the only reliable way to protect savings against unauthorized charges, which are considered a plausible risk following any payment-data breach. At the time of writing, neither the Tisza Party leadership nor representatives of the platform’s owner had issued a detailed public comment on the scale of the incident or provided an official explanation.
Image Péter Magyars Facebook
