Cyber Incident Victim: Erzbistum Köln

On or around May 18, 2023, a cyber attack targeted Mivitec GmbH, a Munich-based data center operator. This incident caused a significant and widespread IT outage, as Mivitec GmbH was an IT service provider for the Archdiocese of Cologne (Erzbistum Köln). The attack on this third-party service provider had an immediate cascading effect, rendering numerous affiliated websites and digital services completely unreachable. The primary website of the Archdiocese of Cologne, www.erzbistum-koeln.de, was among the first and most prominent entities confirmed to be affected by this disruption.

The impact of the attack extended far beyond the central archdiocesan website. Numerous Catholic parishes within the region, such as the community behind www.katholisch-im-wuppertaler-westen.de, found their websites offline. Various Caritas associations, which are charitable organizations linked to the Catholic Church, were also impacted. Educational and event-oriented institutions, including Bildungswerke (education centers) and Tagungshäuser (conference centers), experienced service interruptions. The scope of affected entities was described as "numerous other church communities," indicating a broad compromise of digital infrastructure reliant on Mivitec's services.

In direct response to the outage, the IT department of the Archdiocese of Cologne initiated emergency measures to restore a basic online presence for its dependent entities. A central component of this response was the creation and deployment of emergency websites. These substitute sites served as a critical stopgap, providing essential information and maintaining a line of communication with the public while the primary systems remained incapacitated. The restoration process for the main hosted services was protracted, spanning several weeks.

The website www.katholisch-im-wuppertaler-westen.de, for instance, was unavailable from Thursday, May 18, 2023, until Wednesday, June 7, 2023. On June 7, the primary website was restored and brought back online, allowing for the subsequent deactivation of the temporary emergency site that had been in use. The IT department of the Archdiocese of Cologne was publicly acknowledged for its efforts in providing this emergency solution, maintaining clear communication throughout the event, and performing the extensive restoration work required.

Following the return of the primary websites, a period of stabilization and further repair was necessary. The content on restored sites was outdated, reflecting the state from approximately three weeks prior, at the time of the attack. A primary task for IT personnel in the days following the return to service was to update these websites to their most current state. Furthermore, many integrated applications and linked services did not function correctly immediately upon restoration. These components required additional, separate repair efforts after the core websites were back online.

One specific example of a affected linked application was the Gottesdienstordnung, a system for displaying church service times and information. This functionality was not operational when the main websites were first restored on June 7. The repair for this particular application was not completed until more than a month after the initial incident. Full functionality for the Gottesdienstordnung was confirmed to have been restored by Thursday, July 6, 2023. The extended timeline for the complete restoration of all interconnected systems highlights the complexity of the recovery process following the attack on the central IT provider. The incident demonstrates the severe operational consequences that can arise from a supply chain attack on a critical third-party vendor, disrupting a wide network of organizations simultaneously.