Cyber Incident Victim: Styria Medien AG

A cyberattack occurred over the weekend of March 9-10, 2024, targeting an unnamed IT company headquartered in Graz, Styria. The company managed approximately 80 databases for real estate firms, including the customer data of Klagenfurt Wohnen, a municipal housing provider owned by the city of Klagenfurt. Initial reports from Kleine Zeitung indicated the incident potentially resulted in a significant data breach affecting these client systems. Valentin Unterkircher, head of Klagenfurt’s city communications department, acknowledged the cyber intrusion upon inquiry but stated the full scope and severity remained undetermined at the time of reporting. The IT firm’s servers were compromised through suspected criminal activity, though technical details regarding the attack vector, duration of unauthorized access, or specific data types targeted were not disclosed.

Klagenfurt Wohnen’s potential exposure prompted official confirmation from city authorities, with Unterkircher validating the Kleine Zeitung’s findings via an APA (Austria Press Agency) request on March 12. No evidence confirmed whether customer data was exfiltrated or merely accessed during the breach. The incident’s operational impact on Klagenfurt Wohnen’s services or the IT company’s other clients was not detailed in available reports. Similarly, containment measures, forensic investigations, or coordination with law enforcement agencies were not described. Municipal officials emphasized the ongoing assessment of consequences, leaving critical questions about data sensitivity, notification obligations, and remediation efforts unresolved in the immediate aftermath. The absence of attributed responsibility or disclosed attacker motives characterized the incident as an evolving security event with unresolved implications for data subjects and dependent organizations.