Cyber Incident Victim: Neuapostolische Kirche Süddeutschland
Date:
Apr 2025
Location:
Germany
Summary
Neuapostolische KircheSüddeutschland reported that a hacker attack on its administrative and service center resulted in the theft of data from its financial accounting application, including names, addresses and bank details of legal entities and possibly first names, last names and bank details of individuals, while addresses of individuals and credit card information were not stored and other systems such as member management, donation accounting and correspondence remained unaffected. The organization notified police, engaged external IT security experts, filed a criminal complaint and informed the relevant data protection authority, and stated that, according to police findings, the compromised data have not been used or offered for sale.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Friday, May 9,2025, the Verwaltungs- und Dienstleistungszentrum der Neuapostolischen Kirche Süddeutschland suffered a hacker attack. The attack resulted in unauthorized access to the financial accounting application. Data from that application were exfiltrated. Other systems such as membership management, donation accounting, and correspondence were not affected. The article was published on April 29, 2025, referencing the earlier report.
According to the information available, it cannot be ruled out that besides names, addresses, and IBANs of legal persons, personal data such as first names, last names, and bank details of natural persons may have been viewed. Addresses of natural persons are generally not stored in the accounting system. Credit card data are not stored in the IT system. The attackers have not used or offered for sale the personal data according to police findings.
The organization immediately involved the police (Polizeipräsidium Stuttgart, Zentrale Ansprechstelle Cybercrime beim Landeskriminalamt) and external IT security experts to analyze the incident and improve future defenses. They filed a criminal complaint and notified the responsible data protection supervisory authority. They took all necessary measures to limit the impact of the data incident and restore system functionality, supported by IT security experts and the police. Contact information for inquiries is provided via telephone at 0711 93300-0 or email at [email protected].