
Cyber Incident Victim: Schwälbchen Molkerei Jakob Berz AG

Date: Jun 2023

Location: Germany

Summary

Schwälbchen Molkerei Jakob Berz AG was impacted by a cyber attack that affected parts of its IT infrastructure. The incident impaired the company's general accessibility, though its ongoing production and logistics operations were not interrupted. It remains unclear if corporate data was accessed by unauthorized third parties. The company is working to fully restore its systems in collaboration with security authorities and an external IT security service provider.


Description

On or around June 30, 2023, Schwälbchen Molkerei Jakob Berz AG became aware that it was the target of a cyber attack. The incident was significant enough to warrant the immediate issuance of an ad-hoc announcement to the public via the EQS Group, a standard procedure for publicly traded companies in Germany to disclose material information. The announcement, published at 14:32 CET/CEST, confirmed the company was affected by a cybersecurity incident impacting parts of its IT infrastructure. The immediate consequence of this attack was a significant impairment of the company's overall accessibility, suggesting that critical communication systems, such as email and telephony, were disrupted or taken offline. This disruption likely affected both internal operations and external communications with customers and partners.

Despite the severe impact on its IT systems and communications, the company's core operational functions remained intact. The ongoing production processes, which are the lifeblood of the dairy, and the logistics operations, responsible for distributing its products, were confirmed as not being affected by the attack. This indicates that the company's operational technology (OT) systems, which control the physical manufacturing equipment, were either isolated from the affected IT network or were not directly targeted by the attackers. The continued operation of production and logistics was a critical factor in mitigating the overall business impact, allowing the company to continue manufacturing and delivering its products to market.

A primary and serious concern following the attack was the potential compromise of sensitive corporate data. The company's official statement explicitly noted that it remained an open question to what extent company data had been acquired by unauthorized third parties. This uncertainty pointed to a strong possibility that the cyber attack involved a data breach component, potentially including data exfiltration. The nature and sensitivity of the data that may have been accessed, such as financial records, employee information, or proprietary recipes, were not disclosed. Determining the scope of any data loss became a key focus of the subsequent investigation.

In response to the incident, Schwälbchen Molkerei initiated a comprehensive recovery and investigation process. The company stated that work was underway on the full restoration of all affected systems. This effort involved assessing the damage, cleansing systems of any malicious artifacts, and restoring data from backups where possible. Furthermore, the organization engaged in close collaboration with relevant security authorities, indicating that the incident was reported to law enforcement or data protection regulators. This step is typical for serious cyber incidents, particularly those involving potential data breaches, and allows for official investigation and potential attribution. Concurrently, the company enlisted the support of an external IT security service provider. This action suggests the engagement of a specialized cybersecurity firm for incident response services, including forensic analysis to determine the root cause of the breach, identify the extent of the damage, and assist with the secure recovery of the IT environment.

The public communication, issued by Herr Günter Berz-List and containing the company's contact information, served as the primary official source of information regarding the incident. The timing of the announcement, on the same day the incident was discovered or declared, demonstrates a prompt response to regulatory obligations for transparency. The focus of the initial message was on confirming the event, outlining the known operational impacts, acknowledging the data uncertainty, and reassuring stakeholders of the proactive response measures being taken. The incident at Schwälbchen Molkerei exemplifies a scenario where a cyber attack successfully disrupted business administrative functions and threatened data security but failed to halt physical production, highlighting a separation between corporate IT and industrial control systems. The full restoration of systems and the final determination regarding data exfiltration remained ongoing processes following the initial disclosure.
