Cyber Incident Victim: Sozial-Holding Mönchengladbach
Date:
Mar 2025
Location:
Germany
Summary
Sozial-Holding Mönchengladbach suffered a cyberattack that disabled its email and telephone systems and led to the unauthorized access or alteration of resident, employee and company data, including personal identifiers, health and care records, personnel files, login credentials and business information. After detecting the breach, the organization reported the incident to police, informed data‑protection authorities and external security experts, notified the relevant supervisory authority under Article 33 GDPR, secured the affected systems and began restoration efforts while assessing the risk of identity theft, phishing and fraud for those whose data were compromised.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On 17 March 2025 the IT system of Sozial‑Holding Mönchengladbach was targeted by a hacker attack, according to the organization’s own statement. The attack paralyzed the IT infrastructure of the municipal elderly homes operated by the holding, leaving neither e‑mail nor telephone services functional. As a result, the facilities and the corporate headquarters of the Sozial‑Holding were temporarily unreachable by phone or e‑mail, while the broader city administration of Mönchengladbach (approximately 270 000 residents) remained unaffected. The holding confirmed that the supply of residents in its six elderly homes and the daily provision of several thousand meals to homes and schools continued to be ensured despite the outage. A police report was filed immediately after the incident was detected.
The unauthorized access resulted in the theft or manipulation of various categories of data, including personal data such as names, addresses and birth dates, health and care information of residents, employee data comprising personnel files and payroll records, access data and passwords, and company‑related information. Upon detecting the breach, the Sozial‑Holding intensified its IT security measures to block further unauthorized entry and engaged external IT‑security experts. It notified the competent data‑protection supervisory authority in accordance with Article 33 of the GDPR and informed data‑protection authorities. Investigative authorities were involved to identify the perpetrators. Affected systems were subsequently restored and additional protective measures were implemented to secure the environment.
The Sozial‑Holding employs around 900 staff members across its operations, which include the six elderly homes and related catering services. The organization stated that it regretted the incident deeply and affirmed its commitment to protecting the data of residents, employees and partners. It provided a dedicated e‑mail address (datenschutz@sozial‑holding.de) and telephone number (01743399765) for individuals seeking further information about the breach. The notice also referenced a prior incident in autumn 2023 when malware had encrypted the systems of an IT‑service provider in North Rhine‑Westphalia, temporarily disrupting services for more than seventy municipalities and causing significant financial damage. No further speculation about the attackers or future developments is included in the available sources.