Cyber Incident Victim: HfPV
Date:
Feb 2024
Location:
Germany
Summary
A cyber attack targeted the institution's legacy HfPV network, resulting in potential exfiltration of personal data. The compromised information may include names, addresses, email addresses, phone numbers, vehicle license plates, and possibly tax identifiers, bank details, and health records. Affected groups comprise current and former students, staff, lecturers, and business partners linked to the compromised network. Authorities have been notified and an investigation is underway.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Between February 8 and February 13, 2024, a cyber attack targeted the old HfPV network at the Hessische Hochschule für öffentliches Management und Sicherheit (HöMS). Following the incident, the Hessisches Landeskriminalamt (HLKA) began an evaluation of the attack, and initial results of that assessment were made available. The HöMS administration determined that personal data might have been exfiltrated during the attack and, pursuant to Article 34 of the GDPR, notified potentially affected individuals on February 13, 2024. The notification explained that the attack could have resulted in the outflow of personal data, with some records dating back to at least 2010. The message was sent to inform recipients so they could take appropriate precautions.

The potentially compromised data include names, residential addresses, email addresses, photographs, telephone numbers, and vehicle license plates; additionally, tax numbers, bank connections, and health information such as sick notes or vaccination records cannot be ruled out. Affected groups consist of students in the administration and police departments, employees of the former Hessian Hochschule für Polizei und Verwaltung (HfPV), lecturers employed by HfPV, business partners of HfPV, and other individuals. Because of the possible data breach, recipients face an increased risk of privacy violations, social‑engineering or phishing attempts, and identity theft. In response, HöMS filed a criminal complaint and indicated that the state prosecutor’s evaluation is ongoing. For questions, a hotline is available Monday through Friday from 08:00 to 14:00 at telephone number 0611‑3256 1111, and an email address [email protected] is provided.
