With only two months remaining before the parliamentary elections, another scandal has erupted concerning the digital security of the leading opposition party. Cybersecurity experts discovered a breach of the Lunda platform, which the Tisza Party used for fundraising. The situation became more than mere rumour on 3 February, when a file containing the first thousand records of the donor database was published on the closed hacker forum LeakBase.
The choice of publication venue was far from accidental. Last November, data stolen from the Tisza Party’s application had previously been offered for sale on the same website. This time, however, the attackers released far more sensitive information. The published database fragment contains not only the full names, telephone numbers, and email addresses of supporters, but also the detailed histories of their financial transactions. The hackers exposed the exact amounts of transfers and the specific initiatives you and other citizens supported.
The disclosure of such information poses serious risks for the tens of thousands of people who financially support the opposition. Access to transaction histories makes these citizens vulnerable to fraudsters, who can appear legitimate by knowing precise amounts and transfer details. Furthermore, revealing the anonymity of donors to political parties inevitably raises concern that they may be subjected to pressure.
It is worth noting that the reliability of the Lunda platform had already raised questions among the competent authorities well before the current incident. In spring 2024, when Péter Magyar launched his website, the Sovereignty Protection Office had already warned about the risks of using this infrastructure. The platform is owned by the Austrian company Estratos Digital, and experts at the time noted that transferring Hungarian voter data into such a system was unsafe due to opaque information-processing mechanisms. The current leak effectively confirms that last year’s warnings about vulnerabilities in the party’s digital ecosystem were justified.
The public disclosure of even a small portion of a database usually indicates that the entire system has been compromised. Therefore, information security specialists recommend that anyone who donated via the Lunda platform take preventive measures rather than wait for official explanations. Specifically, they should immediately contact their bank to block the cards used for payments and request new ones. This reliably protects funds from unauthorised charges that may occur in the event of a payment leak. Neither the Tisza Party leadership nor representatives of the platform’s operator have provided official information about the scale of the incident.
