Cyber Incident Victim: Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen
Date:
Sep 2023
Location:
Germany
Summary
A cyberattack breached the Gesellschaft für wissenschaftliche Datenverarbeitung's IT infrastructure, detected early by internal security systems which minimized further impact. Forensic investigation confirmed no operational disruptions or data losses, though these couldn't be entirely ruled out; precautionary measures included mandatory password resets for all accounts, deactivation of non-compliant ones, temporary service restrictions, and heightened monitoring. External experts collaborated on enhanced security upgrades beyond existing standards, with potential intermittent service limitations anticipated during ongoing improvements.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 28, 2023, internal security systems at Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen (GWDG) detected a cybersecurity incident involving unauthorized access to its IT infrastructure. GWDG, which provides digital infrastructure services for the University of Göttingen and the Max Planck Society, immediately initiated forensic investigations with external cybersecurity experts and notified relevant authorities. The organization confirmed no operational disruptions to its systems or data availability at the time of detection, though administrators temporarily disabled certain services as a precautionary measure and restricted user account management functions, including new account creation. University President Metin Tolan publicly acknowledged the breach, mandating all University of Göttingen employees to reset their work-related passwords. Initial assessments found no evidence of data exfiltration, though investigators could not definitively rule out potential data compromise during the intrusion.
By the conclusion of forensic analysis, GWDG confirmed the attack had been contained in its early stages through existing security monitoring protocols, preventing widespread impact. The organization implemented additional security measures beyond its existing high standards, including enhanced infrastructure monitoring and systematic password resets for all user accounts, with a mandatory deadline of October 9, 2023, at 13:00 for completion. Accounts failing to comply with password reset requirements faced scheduled deactivation. GWDG credited rapid credential updates and collaborative support from institutional IT partners for mitigating potential damage, while acknowledging possible temporary service limitations during ongoing security enhancements. All previously disabled services underwent verification before gradual restoration, with the organization maintaining continuous communication through status updates and direct notifications to affected academic and research institutions relying on its infrastructure.