Cyber Incident Victim: SKM gGmbH
Date: Sep 2022
Location: Germany
Summary
A Catholic social service provider in Düsseldorf suffered a cyberattack involving externally introduced malware that encrypted and copied portions of stored data, potentially including personal information. The organization immediately disconnected and shut down affected systems to prevent further damage, later restoring full functionality after reinstalling all systems. Authorities and data protection regulators were notified and engaged in investigating the incident, which followed a similar attack on another Catholic charity involving data theft, encryption, and ransom demands.
Description
On or around September 1, 2022, SKM gGmbH, a Catholic social services provider based in Düsseldorf, and its affiliated organizational facilities experienced a cyberattack involving externally introduced malware. The attackers deployed malicious software that encrypted portions of stored data and exfiltrated copies of this information. SKM General Secretary Stephan Buttgereit confirmed the incident in a public statement released on September 1, noting that both law enforcement agencies and relevant data protection authorities had been notified and were participating in the investigation. The organization, operating under the umbrella of the SKM Federal Association, immediately isolated the breach by disconnecting affected systems from networks and powering them down to contain further damage. This rapid containment prevented additional data compromise or system degradation beyond the initial encryption and copying activities.

Following system isolation, SKM technicians fully rebuilt or reinstalled all compromised infrastructure, restoring operational capabilities to full functionality. While the organization confirmed system recovery, it acknowledged the possibility that personally identifiable information might have been among the encrypted and exfiltrated datasets. The incident mirrored a prior attack on the Caritasverband of the Archdiocese of Munich and Freising, where threat actors similarly encrypted files and stole data while demanding cryptocurrency ransom—a demand the Caritasverband had refused to fulfill. No explicit ransom demand or payment details were disclosed in SKM's public communications regarding its breach. The organization maintained focus on forensic analysis through collaboration with investigative authorities without elaborating on specific technical vulnerabilities exploited or the exact scope of potentially compromised personal data.
