Cyber Incident Victim: Heim & Haus
Date: Jun 2025
Location: Germany
Summary
Heim & Haus was targeted by a criminal cyberattack that encrypted parts of its IT systems and resulted in the exfiltration of personal data. The company immediately launched containment measures, engaged specialized IT‑forensics experts and worked with the Federal Office for Information Security to restore its systems. After completing the recovery, all communication channels, the online customer portal, production, direct sales, assembly and customer service resumed normal operations. The forensic investigation, coordinated with data protection authorities, confirmed the data breach, and the final reports were submitted to law enforcement and supervisory bodies.
Description
In late June 2025, Heim & Haus became the target of a criminal cyberattack that encrypted parts of its IT systems. The company immediately launched extensive containment and investigation measures. It engaged specialized IT forensics experts and acted in accordance with the guidelines of the Federal Office for Information Security (BSI). By the time of the statement, the restoration of its IT systems had been completed. Heim & Haus reported that it was again reachable by telephone and e‑mail through its known communication channels. Online access to the Heim & Haus customer portal was restored. Production resumed fully and stably. Direct sales, assembly, and customer service were fully operational nationwide. Customer orders continued to be processed with the usual level of commitment.

The protection of personal data was stated to have high priority for the company. External IT forensics service providers were commissioned to conduct further investigations. The final investigation reports were submitted to the competent law‑enforcement authorities. The investigation determined that, in addition to the system encryption, personal data had been exfiltrated. A specialized service provider was tasked with the detailed analysis and risk assessment of the compromised data. Heim & Haus fulfilled its obligations to the affected individuals by providing quick and transparent information. All actions taken were coordinated with the data protection authorities. The final report required under the GDPR (DSGVO) was submitted to the supervisory authorities.
