GWG Wohnungsbaugesellschaft

GWG Wohnungsbaugesellschaft is a housing association headquartered in Munich, Germany. The organization operates within the residential property sector, managing housing units and providing related services to residents in the Munich area. Its core function involves the administration, maintenance, and leasing of residential accommodations, serving the local community as a provider of social or affordable housing. The association's activities are governed by German housing regulations and municipal policies, positioning it within the public or semi-public housing landscape. No specific details regarding the total number of units managed, exact market share, or comparative size relative to other German housing associations are provided in the available information. Its operational scope is explicitly regional, focused on the city of Munich, and it functions under the legal structure of a Wohnungsbaugesellschaft, a common form for housing corporations in Germany.

In November 2020, GWG experienced a severe ransomware attack that compromised a significant portion of its IT infrastructure. The incident involved the encryption of primary data servers and backup systems, a tactic designed to prevent recovery and increase pressure for ransom payment. This attack rendered critical administrative and operational systems inoperable, causing substantial disruption to the association's daily services and business processes. While the attackers demanded payment in exchange for decryption keys, the association's specific response to these negotiations has not been publicly disclosed. The breach highlighted a critical vulnerability in the organization's data resilience strategy, as the simultaneous compromise of both production and backup data severely limited recovery options. Although operational impacts were confirmed, public reports did not verify the exfiltration of sensitive tenant data or quantify direct harm to individual customers. This cybersecurity event serves as a documented case of ransomware affecting a public-sector housing provider, illustrating the potential for widespread operational paralysis when backup systems are not adequately isolated from primary network threats. The attack prompted scrutiny of IT security practices within similar municipal service organizations.