Cyber Incident Victim: Plüsch-Tierheim

Date: Jan 2023

Location: Germany

Summary

The Plüsch-Tierheim organization suffered a cyberattack compromising its DHL business account, enabling unauthorized parties to print shipping labels totaling €26,622.74 for fraudulent shipments to Eastern European countries. Hackers exploited the system over multiple days, with the breach detected through abnormal banking transactions. Despite immediate countermeasures—including password resets, system reinstalls, police reports, and legal consultations—DHL denied liability and demanded payment, threatening the organization's financial viability. The incident forced the victim to seek public donations to cover losses and avoid closure, while criticizing DHL for lacking fraud detection mechanisms during sustained suspicious activity. Operational continuity was maintained for core services, with enhanced cybersecurity insurance implemented post-incident.

Description

The Plüsch-Tierheim, a plush animal shelter based in Alsdorf, Germany, experienced a cyberattack targeting its DHL business customer portal between January 24 and February 3, 2023. Attackers gained unauthorized access to the portal and printed shipping labels totaling €26,622.74 to send goods primarily to Eastern European countries including Russia, Kazakhstan, and Hungary – destinations not serviced by the organization. The breach was detected on February 3 when founder Marcel Ziarek noticed the fraudulent DHL debit in the organization's online banking records. Immediate containment measures included changing all system passwords, formatting and reinstalling affected computers, canceling the DHL direct debit authorization through their bank (Sparkasse), and filing a police report. The organization also consulted legal counsel, enhanced virus protection software, and contacted multiple insurance providers, though their business liability insurance declined coverage for the incident.

Despite prompt notification to DHL requesting cancellation of unauthorized shipments, the logistics company delivered all fraudulently generated parcels and subsequently demanded payment for the labels. DHL's IT security team determined they bore no liability, asserting the compromise originated from Plüsch-Tierheim's systems. The financial impact threatened immediate closure of the organization, prompting a public donation campaign through bank transfers and PayPal while awaiting potential media coverage from RTL-West. Operational continuity was maintained for plush animal distribution and donations throughout the crisis. Plüsch-Tierheim implemented new cyber insurance coverage against future attacks but criticized DHL for lacking fraud detection mechanisms despite eight consecutive days of abnormal shipping activity to atypical destinations. The incident resulted in significant emotional distress for staff, including fears of bankruptcy and permanent closure, with no recovery of losses through insurance or DHL cooperation as of the last reported update.
