Cyber Incident Victim: City of Klagenfurt

In June 2022, a ransomware attack disrupted multiple systems belonging to the Austrian state of Carinthia (Kärnten), headquartered in Klagenfurt. The incident caused operational paralysis across affected systems for several days, though specific departmental impacts were not detailed in public reports. During the attack, threat actors exfiltrated sensitive personal data, which subsequently appeared on darknet platforms. Security researcher Sebastian Bicchi, founder of Sec-Research, publicly documented the data leak through a Twitter post, noting that compromised materials allegedly included scanned passports containing personally identifiable information. The publication of these records heightened concerns about identity theft and privacy violations targeting affected individuals. No ransomware group claimed public responsibility for the attack at the time of reporting, and the exact scope of compromised systems remained unspecified.

The Carinthian administration faced concurrent challenges containing the breach while defending against follow-up cyber intrusions, though the nature of these subsequent attacks was not elaborated. Operational recovery efforts focused on restoring disabled systems, with downtime extending through multiple business days. Data exposure risks centered on the darknet publication of government-held personal documents, creating potential long-term consequences for citizens’ digital security. Authorities did not disclose whether ransom demands preceded the data leak or specify containment measures taken during the incident. The breach marked a significant operational and reputational incident for the regional government, compounding technical disruptions with obligations to address data protection violations under EU regulations.