Cyber Incident Victim: Steirische IT-Unternehmen

A cyberattack occurred over the weekend of March 9-10, 2024, targeting a Graz-based IT company in Styria, Austria, which managed approximately 80 databases for real estate sector clients. The compromised firm provided data management services for Klagenfurt Wohnen, a municipal housing corporation owned by the City of Klagenfurt, raising concerns about unauthorized access to tenant and customer records. Initial reports indicated the attackers infiltrated the IT company’s servers, though the operational methods and extent of data exfiltration remained unconfirmed. Klagenfurt Wohnen’s customer database was identified as a potential compromise vector, though municipal officials emphasized the incident’s full impact was still under evaluation. The breach was first disclosed through investigative reporting by Kleine Zeitung, with no public statement from the affected IT provider regarding attack timelines or technical specifics.

Valentin Unterkircher, head of Klagenfurt’s city communications department, acknowledged the incident on Tuesday, March 12, following inquiries by Kleine Zeitung and subsequent confirmation via the Austrian Press Agency (APA). He stated the severity of the intrusion and its consequences for data integrity remained undetermined, with no timeline provided for concluding forensic analysis. The attack’s scope extended beyond Klagenfurt Wohnen, implicating other unspecified real estate entities reliant on the IT firm’s infrastructure, though no additional clients were named in available reports. Municipal authorities did not disclose defensive measures taken post-incident or whether data recovery protocols had been initiated. The event highlighted systemic risks to third-party data processors managing sensitive public-sector information, with customer privacy implications pending further investigation. No ransomware claims, financial demands, or attacker attribution details were reported as of the latest available information.