Cyber Incident Victim: BB Services
Date: Dec 2023
Location: Germany
Summary
A cyberattack targeted the online shop of BB Services GmbH, known as Bluebrixx, after the company detected irregularities in its IT infrastructure. Unauthorized access potentially compromised customer names, email addresses, billing and shipping details, order histories, and encrypted passwords, though financial data remained unaffected due to external payment processing. The organization notified law enforcement, regional data protection authorities, and its external data protection officer, while urging customers to reset their account passwords immediately. The company secured the compromised server, addressed vulnerabilities, and pledged to strengthen security protocols to mitigate future risks.
Description
On or around December 1, 2023, BB Services GmbH, operating the Bluebrixx online retail platform for building bricks, experienced a cybersecurity incident involving unauthorized access to its IT infrastructure. The company initially detected unspecified irregularities within its systems, which subsequent investigation confirmed as a cyberattack. BB Services GmbH promptly notified law enforcement authorities, the Hessian Commissioner for Data Protection and Freedom of Information, and its external data protection officer about the breach. According to customer communications, the attackers potentially exfiltrated sensitive personal information including customer names, email addresses, billing and delivery addresses, order histories, and encrypted password credentials. The company confirmed financial data such as credit card details, bank account information, and PayPal credentials remained unaffected, as these payment processing operations were handled exclusively by external service providers without local storage on Bluebrixx systems.

In response to the incident, Bluebrixx immediately secured the compromised server and implemented corrective measures to address identified vulnerabilities. The company directly notified affected customers via email, instructing them to change their account passwords through the "My Account > My Data" section of the online shop interface. Andreas Becker, Managing Director of BB Services GmbH, publicly stated the organization would enhance its security protocols to minimize future risks, though specific technical details of these improvements were not disclosed. The breach investigation was still ongoing, with law enforcement involved, at the time of the notification, and no further operational disruptions or additional compromised data categories were reported beyond the initial disclosure. Customer account functionality was maintained throughout the response period, with mandatory password resets implemented as a precautionary measure against potential credential misuse.
