Cyber Incident Victim: Zweckverband gemeindliche Datenverarbeitung im Landkreis Neu-Ulm
Date:
Nov 2023
Location:
Germany
Summary
A cyberattack targeted the Zweckverband gemeindliche Datenverarbeitung im Landkreis Neu-Ulm, disrupting its data center operations and causing widespread service outages for eleven affiliated municipalities. Critical citizen services including passport applications, residency registration, municipal payments, and cemetery management were severely impacted. The organization confirmed hackers attempted extortion, though specific demands remain undisclosed. Recovery efforts are prioritized, but prolonged operational limitations are expected across affected town halls, with residents advised to verify service availability by phone before visiting facilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 1, 2023, the Zweckverband gemeindliche Datenverarbeitung im Landkreis Neu-Ulm (Municipal Data Processing Association of the Neu-Ulm District) experienced a cyberattack that disrupted its operations as the central data center for eleven affiliated municipalities. The attack rendered critical IT systems inoperable, forcing an indefinite shutdown of the shared infrastructure. This immediately impacted citizen services across Altenstadt, Bellenberg, Buch, Holzheim, Kellmünz, Nersingen, Oberroth, Osterberg, Pfaffenhofen, Roggenburg, and Unterroth. Municipal functions reliant on the data center—including citizen offices responsible for resident registration and passport issuance, municipal cashier services, and cemetery administration—faced severe operational limitations. Residents were unable to process routine administrative tasks such as passport applications or fee payments through standard channels. The attackers issued an extortion demand to the municipalities, though the nature of the compromise (e.g., ransomware, data theft) was not disclosed in public statements. Mathias Stölzle, Chairman of the Zweckverband, confirmed the cyber incident but did not specify the attack vector or identify the threat actors.
The Zweckverband initiated emergency response protocols, prioritizing system restoration while coordinating with affected municipalities to mitigate service disruptions. Municipalities publicly advised residents to contact local town halls by phone before attempting in-person visits to verify service availability, as processing delays and functional restrictions persisted across all impacted administrative departments. No definitive timeline for full recovery was provided, though the association emphasized ongoing efforts to resolve the outage "as soon as possible." The incident caused sustained operational paralysis for core municipal services, with no immediate resolution or public confirmation of whether data exfiltration occurred. Service continuity challenges remained unresolved at the time of reporting, with recovery efforts continuing amid the extortion attempt and system unavailability.