Cyber Incident Victim: Deutsche Presse-Agentur

On or around October 1, 2022, Deutsche Presse-Agentur (DPA) experienced a cybersecurity incident involving one of its IT service providers. According to Spiegel, the provider—responsible for printing and distributing salary statements for DPA employees—was compromised in a ransomware attack. Attackers successfully encrypted the provider’s servers and systems, disrupting payroll operations. The breach did not extend to DPA’s internal systems, as the attackers were unable to gain access to them. At the time of reporting, it remained unclear whether the attackers exfiltrated any sensitive employee data during the incident. DPA responded by activating a crisis management team to address operational disruptions and coordinate recovery efforts. The incident highlighted dependencies on third-party vendors for critical business functions, though specific technical details about the attack vector, ransom demands, or identity of the threat actors were not disclosed in available reports.

The attack coincided with a separate ransomware incident affecting the German media group Stimme, which prevented the printing of the Heilbronner Stimme newspaper on October 17, 2022. While both incidents involved ransomware targeting media-related entities, no direct link between the attacks on DPA’s provider and Stimme was confirmed in the source material. The Heilbronner Stimme disruption demonstrated tangible operational impacts, including the inability to distribute a physical edition. For DPA, the primary consequences centered on payroll processing delays and potential data exposure risks for employee information managed by the compromised provider. No further details about data restoration, financial losses, or long-term remediation steps were reported in the available article.