Cyber Incident Victim: Arbeiterwohlfahrt (AWO) Gießen
Date:
Apr 2025
Location:
Germany
Summary
Arbeiterwohlfahrt (AWO) Gießen experienced a cyberattack that prompted an immediate response from a crisis team led by external experts from dokuworks, who coordinated containment efforts while the organization relied on existing backups to keep services in care facilities, kindergartens and other operations running without interruption. Although some internal processes became more burdensome for staff, the attack did not disrupt essential care, and the organization refused to cooperate with the attackers. The incident raised concerns about possible exposure of personal data stored in its IT systems, prompting assurances that all GDPR notification obligations would be met and that police, the Hessian State Criminal Office and the state data protection authority had been informed. Restoration of IT infrastructure is underway, with a focus on securing data and gradually reconnecting systems after isolating them from the internet.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Sunday, 27 April 2025, the Arbeiterwohlfahrt (AWO) Gießen became the target of a cyberattack. The organization reported that, thanks to comprehensive security measures and functioning backups, the provision of care to residents and customers could be maintained at all times. Operations in the nursing homes, kindergartens and other facilities continued without disruption from the following Monday. Nils Neidhart, the Geschäftsführer of AWO Gießen, noted that while some internal processes had become more burdensome and cumbersome for staff, the organization remained able to fulfil its mandate completely. He also expressed irritation that a non‑profit organization had been attacked and stressed that AWO Gießen would not cooperate with the perpetrators.
An ad‑hoc crisis team was immediately assembled, under the leadership of external specialists from the company dokuworks, to coordinate the response and bring the incident under control swiftly. Markus Weber, the head of the crisis team, confirmed that the prior preparation of processes and IT infrastructure, together with the decisive actions of employees and the external IT specialists, had prevented a worse outcome and allowed the organization to look forward again by Monday. He added that, in the days and weeks ahead, considerable follow‑up work would be required, with substantial on‑site support available. As a precaution, a temporary emergency operation was established and large portions of the IT infrastructure were disconnected from the internet to ensure that the attackers could no longer remain in the system. Although it cannot be ruled out that personal data stored in the IT environment were affected by the attack, Nils Neidhart assured that all information obligations under the GDPR would be met.
The police, the Hesse State Criminal Office and the State Data Protection Authority were informed immediately, and AWO Gießen stated that it is cooperating fully with these authorities. At present, the IT environment is being carefully and prioritised brought back online, with the focus placed on protecting data and providing IT resources for the care of people. This restoration process is expected to take several weeks. AWO Gießen thanked all employees for their committed effort and support during the crisis situation. Contact details for further information were provided: Nils Neidhart (Geschäftsführer AWO Stadtkreis Gießen e.V.) and Markus Weber (Krisenstabsleiter, dokuworks GmbH).