BWI, associated with Deutsche Leasing, fell victim to a cyber attack in June 2023, impacting its IT systems. Quick response measures were implemented, involving the shutdown of system access and collaboration with investigative authorities. While essential IT systems handling business processes remained uncompromised, a subsequent analysis revealed unauthorized access to individual servers and data.
Notably, personal documents from Deutsche Leasing surfaced in the Darknet, containing sensitive information, prompting immediate notifications to affected parties and relevant data protection authorities.
In response to the incident, BWI took decisive steps to mitigate potential negative consequences. Close collaboration with IT security experts commenced, leading to the engagement of a service provider to monitor the Darknet for any data publications by the attackers. The cyber attack was reported to the Hessian Data Protection and Freedom of Information Commissioner within specified deadlines. Acknowledging the inconvenience caused, BWI expressed regret and aimed to keep potentially affected individuals informed through updates on its company website.
Despite the challenges posed by the cyber attack, BWI successfully completed the IT forensic analysis, allowing the restoration of IT systems, applications, and interfaces with customers and partners. While specific details about the data theft were outlined, there remained a possibility of further personal data being affected. The ongoing collaboration with IT security experts and the commitment to transparent communication underscored BWI’s efforts to address the incident responsibly and minimize its impact on stakeholders.
