Cyber Incident Victim: Hofmann Fördertechnik
Date:
Mar 2025
Location:
Germany
Summary
Hofmann Fördertechnik suffereda cyberattack in which attackers gained access to its servers, causing a complete shutdown of IT systems. The company immediately took all servers offline and engaged external specialists to prevent further intrusion. While work continues to restore operations securely, the incident may have exposed personal data, prompting coordination with the data protection officer and law enforcement. Despite existing cyberdefenses and contingency plans, the organization expects ongoing limitations in daily operations until full service is resumed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In the night between30 March and 31 March 2025, attackers gained unauthorized access to the servers of Hofmann Fördertechnik, resulting in a complete outage of the company’s IT systems. Upon discovering the breach, the company immediately shut down all servers to block further access and limit potential damage. External cybersecurity specialists were engaged to assist with the investigation and remediation efforts. Ulrich Hofmann, the managing director, stated that the team was working intensively to restore the servers and systems securely, while noting that no precise information about the attack vector or expected restoration timeline was available at that moment.
The ongoing IT disruption led to continued restrictions in the company’s daily business operations, prompting a request for understanding from customers, suppliers and business partners. Hofmann Fördertechnik acknowledged that such an attack could jeopardize the protection of personal data and could not exclude the possibility that such data had been disclosed to unauthorized third parties. According to the ransomware monitoring site ransomware.live, the attackers exfiltrated approximately 1.7 terabytes of data, although the company had not officially confirmed any data theft. The firm remained in close contact with its data protection officer and cooperated with the relevant investigative authorities to examine the incident and determine appropriate steps.
Despite the incident, Hofmann Fördertechnik pointed out that it had previously implemented comprehensive cyber defence measures and emergency response plans. The company stated that it expected its internal IT department, together with external specialists, to be able to return the systems to operation soon. The team continued to work under high pressure to rebuild a secure IT environment while maintaining communication with stakeholders about the status of recovery. Investigations into the attack remained ongoing, with authorities and internal teams analysing the breach to prevent further unauthorized access.