Cyber Incident Victim: Verwaltungs-Berufsgenossenschaft (VBG)
Date:
Sep 2024
Location:
Germany
Summary
A ransomware attack compromised a server within the organization's Online-Campus platform, impacting seminar participants and instructors. The incident exposed personal data including names, email addresses, phone numbers, employer details, and physical addresses stored for seminar coordination purposes. While immediate containment measures involved shutting down the affected server and isolating connected systems, potential data exfiltration could not be ruled out. The breach poses risks of attackers exploiting exposed email addresses for credential-based attacks or further ransomware attempts. No operational disruption occurred, and sensitive insurance-related data remained unaffected. Affected individuals received direct notification, and relevant supervisory authorities were informed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 1, 2024, Verwaltungs-Berufsgenossenschaft (VBG) disclosed a ransomware attack targeting a server within its Online Campus platform, a digital service facilitating occupational safety and health protection seminars. The incident occurred despite what VBG described as extensive pre-existing security measures. Upon detecting the attack, VBG immediately powered down the compromised server and disconnected it from the network to prevent further unauthorized access. The organization confirmed the attacker potentially exfiltrated personal data stored on the isolated server, which exclusively handled seminar-related operations. Affected data fields included participants’ and lecturers’ first and last names, email addresses, telephone numbers, employer names, and full physical addresses (street, house number, postal code, city). VBG emphasized no operational disruption occurred to its core insurance functions, clarifying that sensitive data such as health records, financial information, insurance case details, or account passwords remained unaffected. The breach scope was confined to seminar administration data processed for logistical purposes like event materials, room planning, billing, and future communications about training opportunities.
VBG notified all impacted individuals via email on September 20, 2024, specifically alerting those whose email addresses resided on the compromised server. The organization warned that attackers could exploit stolen email addresses to attempt account takeovers or launch secondary ransomware campaigns against victims. While acknowledging potential data exfiltration, VBG did not confirm whether ransomware was deployed to encrypt systems or if attackers issued explicit ransom demands. Internal containment measures included isolating not only the breached server but also all network-accessible systems linked to it. VBG reported the incident to relevant supervisory authorities but clarified no obligation existed for affected entities to report it further, stating it operated neither as a data processor nor a joint controller for seminar participants’ employers. The incident exclusively involved individuals engaged with VBG’s seminar programs, with no evidence of broader infiltration into other VBG systems or databases.