Massive data breach exposes personal information of German politicians.

January 5, 2019 |

Data breaches of any personal information is a serious matter. The misuse of personal information can financially affect a person whose information is used for identity theft and it can have a massive impact on an organisation that suffers a data breach.  A sub set of data breaches is where the target is a public figure.  There the motivations are generally not financial.  The aimed impact is reputational and  humiliation. It can also be used to cause disruption, as was the case recently in Germany where there has been a massive hacking attack which has resulted in personal data of hundreds of German politicians have been accessed and then leaked over Twitter.  This has been reported by Wired in  A Major Hacking Spree Gets Personal for German Politicians, Reuters in German politicians’ data published online in massive breach and the Australian in Angela Merkel hit in massive data hack attack.  The focus of these breaches are to humiliate and embarrass.  The breach is a particularly pernicious form of politics.  It is curious that only one political party in Germany was not affected by the data breach, the far right Alternative for Germany.  No doubt when the investigation begins the role of well known disrupters of the political process will be considered, primarily the Russians.   It is curious that only one political party was not affected by the hack, the very right wing Alternative for Germany. No doubt investigations focused on the role of Russia.

The Reuters article provides:

BERLIN (Reuters) – Personal data and documents from hundreds of German politicians and public figures including Chancellor Angela Merkel have been published online in what appears to be one of Germany’s most far-reaching data breaches.

A preliminary analysis showed the data had been obtained through “wrongful use of log-in information for cloud services, email accounts or social networks”, Interior Minister Horst Seehofer said in a statement late on Friday.

He said there was no evidence that the computer systems of the German lower house of parliament or the government had been compromised, but provided no further details.

The ministry said it remained unclear if the breach, which triggered an emergency meeting of the BSI national cyber defense agency, was the result of a hack or a leak.

Authorities were investigating all possibilities, including espionage, according to one government source, who said it was unlikely that any single person could have compiled the massive amounts of data that had been released.

The public broadcaster rbb, which broke the story, said the data, published on a Twitter account, included addresses, personal letters and copies of identity cards. It said the identity of the perpetrators and their motive were not known.

The twitter account, which existed for four years and has now been deleted, first began releasing data in December in an electronic “Advent calendar”. The extent of the data leaks first became apparent late on Thursday evening, sources said.

German media said a fax number and two email addresses used by Merkel had been published but the government said it appeared no sensitive material from her office had been released.

The hacked material included private chats by Greens leader Robert Habeck with family members and the identity cards of his children, a source familiar with the matter said.

Die Welt newspaper reported late Friday that published lists included names of 410 members of Merkel’s conservatives, 230 Social Democrats, 106 Greens party members, 91 members of the radical Left party and 28 Free Democrats.


The BSI said all but one of the seven parties in the lower house had been affected. German media said that party was the right-wing Alternative for Germany (AfD).

Last year, lawmakers said a powerful cyber attack had breached the foreign ministry’s computer network.

Security officials have blamed most previous breaches of data security on a Russian hacking group, while the Kremlin has consistently denied involvement in such incidents.

The BSI met to coordinate the response of intelligence and other federal agencies.

The Defense Ministry said the armed forces were not affected. The public broadcaster ARD – affiliated to rbb – said its journalists had as yet detected no incriminating content.

The city-state of Hamburg was working with Irish data protection authorities to stop the data being spread via Twitter, but said the company had not been responsive.

It said the Twitter account used to spread the data had been deleted, but that it was still pressing for the deletion of links to data on other platforms.

Security officials have blamed most previous attacks on a Russian hacking group, APT28, that experts say has close ties to a Russian spy agency. Experts held the same group responsible for an attack ahead of the 2016 U.S. presidential election.

Bild newspaper reported that German authorities had asked the U.S. spy agency NSA for assistance.

Leave a Reply

Verified by MonsterInsights