Hack Exposes Sensitive Data of All German Parties Except AfD

A major data breach has exposed sensitive information from political parties across Germany’s political spectrum, with the notable exception of the far-right Alternative for Germany (AfD). The leak has revealed internal party documents and personal details for hundreds of German politicians at both federal and state levels.

Berlin-area public broadcaster RBB Inforadio first reported the incident on Friday morning. According to the report, the materials were originally published in December from a Hamburg-based Twitter account, which released the files incrementally in the style of an Advent calendar.

Investigators are still determining how the data was obtained. Germany experienced a significant cyber intrusion into government systems in early 2018 that targeted sensitive networks and is believed to have affected the defense and foreign ministries. Authorities later said security services had detected the breach and monitored it in a controlled manner while gathering intelligence.

In a separate incident in November, the Russian-linked hacking group known as “Snake” reportedly accessed email accounts belonging to several German officials. Germany’s domestic intelligence service, the Federal Office for the Protection of the Constitution (BfV), stated at the time that it was unclear whether any data had been exfiltrated.

Much of the newly leaked material consists of contact information such as home addresses and mobile phone numbers. In addition, documents containing banking and financial details, copies of ID cards, and private chat logs appear to have been released in some cases. The selective omission of AfD from the leak has led analysts to consider a political motive. Publishing opponents’ personal contact information is a common tactic in doxxing campaigns designed to intimidate targeted individuals and discourage their public engagement.

In response to the discovery, officials convened an emergency meeting of the National Cyber Defense Center to coordinate the investigation and containment efforts. Law enforcement agencies continue to analyze the scope of the compromise and the potential damage to affected individuals and institutions.

Update (08/01/19): Authorities report that a 20-year-old man has confessed to carrying out the breach. Using the pseudonym “G0d,” he allegedly posted the stolen data under the Twitter handle @_0rbit, which has since been suspended. In his online biography, he described himself as engaged in “security research.” Police have seized computer hardware and continue forensic examinations as part of an ongoing investigation.

Individuals whose information appears in the leak are being advised to take precautions, such as changing passwords, monitoring financial accounts for suspicious activity, and reporting threats or harassment to the authorities. Political parties and public institutions are reviewing security practices and working with cybersecurity experts to strengthen defenses and reduce the risk of future incidents.
