Cyber Incident Victim: Haus des Stiftens
Date:
Sep 2024
Location:
Germany
Summary
Haus des Stiftens experienced a cyberattack compromising its Munich-based servers, resulting in unauthorized access to sensitive donor information including personal and financial data such as names, addresses, contact details, account information, identification documents, and tax numbers. Attackers encrypted data and exfiltrated information from the systems. The organization disconnected affected IT infrastructure, engaged external forensic experts, and notified relevant authorities to investigate the breach and restore system integrity. Ongoing efforts focus on determining the full scope of impacted data while working to reinstate secure operations. The incident underscores significant exposure of personally identifiable information with potential risks of identity theft and financial fraud.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 21, 2024, Haus des Stiftens detected a cyberattack on its IT infrastructure during routine monitoring by internal IT experts. The attackers successfully breached systems at the organization’s Munich location, accessing stored data, encrypting files, and exfiltrating information. Initial assessments confirmed unauthorized access to servers containing extensive personal data, including donor information such as names, addresses, contact details, bank account numbers, identification documents, tax identification numbers, and additional sensitive categories. The organization promptly engaged external IT forensic specialists to investigate the breach, contain the threat, and restore system security. Multiple IT systems, including payment processing infrastructure, were taken offline to prevent further compromise. Authorities including the German Federal Office for Information Security (BSI), state police, the Bavarian State Criminal Police Office, and the Bavarian Data Protection Authority were notified, with Haus des Stiftens collaborating closely on the official response.
Forensic analysis confirmed data theft and encryption by the attackers, though the full scope of compromised records remained under investigation as of October 7, 2024. The incident disrupted core operational systems, necessitating prolonged recovery efforts to restore functionality and security. Haus des Stiftens acknowledged the likelihood of large-scale exposure of personally identifiable information, warning affected individuals of heightened risks including phishing attempts, identity theft, and financial fraud. Specific threats included unauthorized transactions, fraudulent contract signings, and malicious account creations using stolen data. The organization advised vigilance against suspicious communications impersonating Haus des Stiftens and recommended password changes for accounts linked to its services. No ransomware demands or specific attacker attribution were disclosed in the public statement. Restoration timelines remained undefined due to the complexity of securing systems and completing forensic reviews.