Cyber Incident Victim: Landesnotarkammer Bayern
Date: Jul 2024
Location: Germany
Summary
A ransomware attack targeted the IT infrastructure of Bavarian and Palatinate notary organizations, resulting in unauthorized access and data encryption across servers. The breach involved exfiltration of unstructured metadata, potentially compromising personal information including names, addresses, birth dates, contact details, and social security numbers. Attackers gained access to databases and file servers, with confirmed data leakage creating risks for subsequent cyberattacks like targeted phishing. Immediate containment measures included network isolation, closure of the intrusion vector, staff notifications, and reporting to regulatory and law enforcement authorities. External forensic experts were engaged to investigate the incident while affected parties were advised to monitor for suspicious activities.
Description
On the night of July 8-9, 2024, the professional organizations of Bavarian and Palatinate notaries – including Notarkasse, Landesnotarkammer Bayern, Notarkammer Pfalz, and Bayerischer Notarverein – experienced a ransomware attack compromising their IT infrastructure. Malware infiltrated systems, encrypted portions of server data to render it unusable, and executed confirmed data exfiltration. Forensic analysis revealed the attackers potentially accessed databases and file servers, primarily affecting unstructured metadata repositories. Compromised personal data included full names, professional and private addresses, birth dates, telephone numbers, email addresses, and social security numbers. The intrusion pathway allowed the malware to operate until containment measures were implemented. Detection occurred during the active encryption phase, prompting immediate incident response protocols.

The data breach carries significant risks of secondary exploitation through targeted phishing campaigns leveraging stolen personal information, with potential dissemination or publication of exfiltrated data remaining possible. Upon discovering the attack, affected organizations disconnected all IT systems from networks to halt malicious activity and closed the malware's initial access vector. Staff at Notarkasse headquarters received immediate notification while authorities including legal supervisory bodies, data protection agencies, and Bavaria's State Criminal Police Office were formally notified. External IT forensic specialists were engaged to analyze attack vectors and impact scope. Ongoing investigations focus on determining the full extent of compromised systems and verifying whether structured data repositories beyond metadata were accessed during the intrusion window.
