
Cyber Incident Victim: heinekingmedia GmbH

Date: May 2023

Location: Germany

Summary

A cyberattack targeted the data center provider of heinekingmedia GmbH, disrupting services for its Digitales Schwarzes Brett (DSB), DSBmobile app, and Mediabox platforms. The incident required forensic data scans to eliminate malware risks before system recovery, leading to temporary service outages, mandatory password resets for users, and rebuilding of infrastructure. The company maintained regular customer communications, coordinated with law enforcement agencies, and confirmed that there was no evidence of data exfiltration. Other products, including tafel.cloud and schul.cloud, remained unaffected during the attack response. Service restoration proceeded incrementally, with extended license periods offered to compensate for downtime.


Description

The cybersecurity incident impacting heinekingmedia GmbH originated from a cyberattack targeting their data center provider, myLoc managed IT AG (formerly Mivitec GmbH), beginning approximately May 18, 2023. The attack disrupted operations of the Digitales Schwarzes Brett® (DSB), DSBmobile® app, and Mediabox services, which relied on the provider's infrastructure. Immediate containment actions included isolating affected servers, rerouting traffic to prevent network contamination, and initiating forensic investigations by cybersecurity experts in coordination with law enforcement (Landeskriminalamt Bayern, Bundeskriminalamt) and regulatory bodies (Bavarian Data Protection Authority, Federal Office for Information Security). The provider confirmed attackers encrypted operational systems and backups, eliminating conventional recovery options. heinekingmedia established an internal crisis management team overseen by Group CEO Markus Doetsch and engaged external data protection advisors to address compliance obligations. Initial customer communications on May 19 confirmed service unavailability while advising institutions to notify their data protection officers and perform mandatory GDPR risk assessments using provided incident documentation.


Forensic examination dominated the response from late May through mid-June 2023. Mivitec transferred systems to a quarantine environment where analysts ran iterative malware scans with multiple tools, scrutinizing individual files to ensure no residual threats remained before decryption attempts. This extended downtime led heinekingmedia to build parallel infrastructure so that it could restore services independently if the primary systems remained unrecoverable. Customer-facing measures included validating administrator email addresses via phone verification and publishing password reset protocols ahead of the imminent reactivation.

Gradual service restoration commenced June 20, starting with DSBcontrol, followed by DSBsync (June 21) and DSBmobile (June 22), with all users required to reset credentials per updated security policies. Persistent login issues prompted troubleshooting guidance on clearing caches and updating browsers. By June 28, 10,000+ customer instances were operational, though free news/weather displays remained offline. heinekingmedia automatically extended license durations commensurate with the outage periods. The incident exclusively affected DSB-related products; other solutions like schul.cloud and tafel.cloud® operated normally throughout. No evidence indicated compromised customer networks or unauthorized content dissemination via DSB endpoints during the attack lifecycle.
