Cyber Incident Victim: Graz
Date:
Mar 2024
Location:
Austria
Summary
A cyberattack targeted an IT company based in Graz, Austria, which manages approximately 80 real estate databases, including customer data for a municipal housing entity. The incident potentially compromised sensitive information belonging to the city-owned organization's clients, though the full scope and severity remain under assessment. The attack occurred over a weekend, with authorities confirming the breach but providing no further details regarding the perpetrators or specific data exfiltrated. The IT firm's infrastructure intrusion raised concerns about broader impacts across its client network, particularly for the affected municipal service provider. Investigations into the incident are ongoing to determine the extent of unauthorized access and potential data exposure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyberattack targeting a Graz-based IT company occurred over the weekend of March 8-10, 2024, potentially compromising sensitive customer data managed for multiple real estate clients. The company, responsible for administering approximately 80 databases for property firms, suffered unauthorized access to its servers, with the intrusion detected following the incident period. Among the affected entities was Klagenfurt Wohnen, a municipal housing provider owned by the city of Klagenfurt, whose tenant and customer records were managed by the breached IT service provider. Initial reports by Kleine Zeitung indicated the attack could constitute a significant data leak, though the full scope remained unverified at the time of disclosure. The IT firm’s role as a centralized data processor for numerous real estate organizations amplified concerns regarding the potential dissemination of personal or financial information across multiple client systems. No technical details regarding the attack vector, such as ransomware deployment or phishing mechanisms, were disclosed in initial reports.
Valentin Unterkircher, head of Klagenfurt’s city communications department, publicly acknowledged the cyber incident on March 10 after media inquiries but emphasized that the severity and consequences were still under assessment. The confirmation followed Kleine Zeitung’s investigative reporting, with subsequent validation by Austrian Press Agency (APA) sources underscoring the attack’s occurrence without elaborating on mitigation steps taken by the IT firm or Klagenfurt Wohnen. The lack of immediate statements regarding data restoration, regulatory notifications, or customer advisories suggested ongoing internal investigations to determine the breach’s operational and legal implications. Focus centered on Klagenfurt Wohnen’s exposure due to its public sector affiliation, though other commercial clients of the Graz IT company remained unnamed in initial disclosures. No threat actor group claimed responsibility, and authorities did not disclose involvement of law enforcement or cybersecurity agencies in containment or forensic efforts by the reporting cutoff date.