Cyber Incident Victim: Stockach

On or around September 1, 2022, the municipal administration of Stockach, Baden-Württemberg, Germany, experienced a cybersecurity incident involving unauthorized encryption of data stored on a Network Attached Storage (NAS) system. External attackers exploited a previously unidentified security vulnerability in this NAS device, which functioned as an intermediate storage repository for copied datasets. The compromise resulted in the encryption of data on the system, rendering it inaccessible to city personnel. A ransom demand accompanied the encryption, though the specific amount or payment method was not disclosed in public reporting. The attackers’ entry vector was closed following the detection of the incident. Municipal officials confirmed the core administrative network and all external offices remained fully operational and unaffected by the attack, as the compromised NAS operated outside these critical systems.

Immediate response actions included notifying Stockach’s Data Protection Officer and the municipal service provider Komm.ONE AöR, which coordinated additional containment measures. Mayor Rainer Stolz authorized a forensic investigation to determine whether data exfiltration occurred and to identify the scope of potentially compromised information, though no conclusive evidence of data theft had been confirmed at the time of reporting. City operations continued without disruption, as workflows did not depend on the encrypted NAS. Mayor Stolz publicly emphasized the administration’s uninterrupted capacity to serve residents and external stakeholders despite the incident, underscoring the isolation of the attack to non-essential storage infrastructure. The incident highlighted broader trends of increasing cyberattacks targeting municipal entities, though Stockach’s response prioritized maintaining public service continuity while investigating potential data impacts.