Cyber Incident Victim: Kaufhaus Oberpollinger
Date: Nov 2023
Location: Germany
Summary
A Russian cybercriminal group targeted Kaufhaus Oberpollinger and affiliated luxury department stores, compromising corporate networks during an overnight attack. The company's security systems detected and contained the intrusion early, limiting its impact. IT systems were temporarily shifted to offline emergency mode, causing operational disruptions that were later mostly resolved with minor residual effects. Forensic investigations, supported by external experts, found no evidence that attackers accessed customer payment details, account data, or passwords. The incident occurred during the pre-Christmas sales period, prompting coordinated defensive measures and cleanup efforts. Authorities were notified and a criminal complaint was filed, with ongoing collaboration with cybercrime police units.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around November 2, 2023, Russian cybercriminals launched an attack against the KaDeWe Group, impacting its Berlin-based luxury department store KaDeWe, Hamburg's Alsterhaus, and Munich's Kaufhaus Oberpollinger. The intrusion began overnight between Thursday and Friday, targeting the company's corporate networks. Security monitoring systems detected the activity at an early stage, enabling immediate defensive measures that contained the attack's impact before significant damage occurred. As a precautionary step, KaDeWe Group transitioned all IT systems to an offline emergency mode during the weekend following the breach. By Tuesday, November 3, physical store operations had largely resumed normal functionality with only minor residual disruptions, though customers were advised to expect intermittent limitations due to ongoing containment and remediation efforts.

KaDeWe Group CEO Michael Peterseim formally notified customers of the incident via email on November 3, confirming no evidence indicated unauthorized access to customer payment details, account passwords, or personal financial data. The company engaged external forensic specialists to conduct a comprehensive investigation while internal IT teams prioritized restoring full operational stability. Law enforcement authorities, including Berlin's Cyber Crime Unit, were immediately notified, and the organization filed a criminal complaint. Peterseim committed to promptly informing any customers if forensic analysis later revealed compromised personal information, though preliminary findings suggested attackers were blocked before reaching sensitive datasets. Normal business operations resumed with minimal reported interruptions as security teams continued analyzing the attack's scope and reinforcing network defenses.
