Cyber Incident Victim: Gemeinde Kirkel
Date:
Mar 2025
Location:
Germany
Summary
The municipality of Kirkel was hitby a criminal cyberattack that was identified by its internal IT team, prompting the isolation of its systems to protect data security and privacy. As a result, the town hall was closed and email communication with the administration was disrupted, while authorities were notified and law‑enforcement agencies began investigating the incident with the help of external specialists. Residents were advised to use a designated phone number for urgent matters.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Friday, 14March 2025, the internal IT department of Gemeinde Kirkel discovered a security incident within the municipal network. The incident was promptly classified as a criminal cyberattack targeting the town's information technology systems. Mayor Dominik Hochlenert communicated the occurrence to the public in an official statement issued on Sunday evening. In his statement, the mayor confirmed that the security breach had been identified by the internal IT team on the preceding Friday. He noted that the discovery triggered the municipality's incident response procedures. No technical specifics about the attack vector or malware were disclosed in the released information. The mayor emphasized that the incident was being treated with the utmost seriousness by the administration. The public was informed that further details would be provided as the investigation progressed.
As a direct result of the cyberattack, the Rathaus Kirkel was closed to the public until further notice. The municipality announced that email communication with the administrative offices was no longer possible. To ensure data security and data protection, the IT systems were isolated from the network. This isolation prevented the delivery of regular administrative services that depend on the municipal IT infrastructure. Residents were advised that they could not reach the town hall via electronic means for routine matters. The closure also meant that in‑person visits for citizen services were temporarily unavailable. The municipality stated that the shutdown would remain in effect until the IT environment could be verified as secure. All non‑essential functions were suspended to maintain the integrity of the isolated systems.
In response to the incident, Mayor Hochlenert reported that the Gemeinde had contacted the State Criminal Police Office (Landeskriminalamt) to request official assistance. The municipality indicated that it was cooperating closely with the local police force to investigate the cyberattack. Police investigators were working to determine how the unauthorized access to the municipal systems had occurred. Additionally, external experts were engaged to support the Gemeinde in managing the incident and clarifying its causes and effects. For urgent emergencies requiring immediate municipal attention, citizens were instructed to call the telephone number 06841/80980. The administration clarified that this line should be used only for situations that cannot wait for the restoration of normal services. No further details about the attack timeline or the expected duration of the closure were provided in the available sources.