The theft of over 600,000 records from Lithuania's Centre of Registers reveals a calculated intelligence operation rather than opportunistic crime, exploiting systemic underinvestment in Baltic state IT infrastructure that former chief Adrijus Jusas pegged at €60 million in needed upgrades. While Lithuanian prosecutors remain silent on attribution, the attack's use of compromised institutional credentials aligns with patterns seen in Slovakia's 2023 land registry disruption and Ukraine's pre-invasion registry breaches, both attributed to Russian GRU-linked actors by Western intelligence assessments. Mainstream coverage overlooks how residential address data from property registers enables precise targeting of government personnel for surveillance or coercion, amplifying hybrid warfare risks in NATO's eastern flank amid heightened tensions with Kaliningrad and Belarus. Data sovereignty concerns extend beyond Lithuania: EU member states' reliance on legacy systems creates shared attack surfaces where one breach cascades into regional intelligence windfalls for Moscow. This incident fits a broader escalation where state actors prioritize persistent access to official databases over ransomware, prioritizing long-term leverage in potential crises over immediate financial gain. Jusas's resignation underscores accountability gaps, yet the real failure lies in fragmented EU cybersecurity funding that leaves frontline states exposed to asymmetric threats from better-resourced adversaries.