Cyber Incident Victim: City Administration of Bad Langensalza

On or around May 30, 2023, the city administration of Bad Langensalza in the Unstrut-Hainich-Kreis district of Thuringia became the victim of a cyber attack. The city administration itself publicly confirmed the incident through official communications on its website and social media channels. The attack resulted in the paralysis of the majority of the city's IT systems. This widespread disruption severely crippled the administrative functions of the local government. The immediate consequence was that the city administration's accessibility to the public was only possible under significantly difficult conditions. The working capacity of the entire administration was reported as being severely impaired by the incident.

A specific and immediate impact of the attack was the complete inability to process electronic communications. The city's email systems were directly affected, with the administration stating that incoming emails could neither be viewed nor processed. This created a significant breakdown in standard communication channels between the citizens and their local government. The city's official website, www.badlangensalza.de, was used as the primary platform for disseminating information and updates regarding the situation, as traditional methods were unavailable.

In its initial response, the city administration began working intensively to address the disruption and restore services. The city stated it was working "with high pressure" to resolve the outage. A public statement was issued to inform citizens of the situation and to manage expectations regarding the availability of municipal services. The administration explicitly requested the public's understanding while these recovery efforts were underway. The city also committed to providing immediate updates to its public message as more information became available, indicating a focus on maintaining transparent communication despite the attack.

While most computer systems were rendered inoperative, the city provided a specific timeline for the restoration of certain critical citizen services. The services of the Residents' Registration Office (Einwohnermeldeamt) and the Registry Office (Standesamt) were explicitly noted as being excluded from the broader paralysis, though they were still initially affected. The administration announced that these specific services would be available again starting Wednesday, May 31, 2023. Furthermore, telephone accessibility was scheduled to be restored on that same date, with the public instructed to use the usual contact number, 03603-8590, to reach the administration. This indicated a phased recovery approach, prioritizing essential services that directly interact with the public.

The incident garnered attention beyond the city's own announcements, being reported by regional media outlets. The Mitteldeutscher Rundfunk (MDR), a public broadcaster for the region, had reported on the cyber attack prior to the city's own official online statement. The Deutsche Presse-Agentur (dpa) also picked up the story, further disseminating the news of the attack on the Thuringian city. The public nature of the response, through the city's website and Facebook page, underscores the significant impact the attack had on the municipality's operations and its need to communicate directly with residents through any available means. The full scope of the attack, including the specific nature of the malware or threat actor involved, was not detailed in the initial public communications from the city administration. The primary focus remained on acknowledging the incident, detailing its disruptive effects on municipal services, and outlining the immediate steps being taken to restore operational capacity.