On February 10, 2025, the IT systems of the Secretariat of the German Bishops’ Conference, along with the Association of Dioceses of Germany, became the target of a cyberattack. The attack was attributed to a group associated with organized cybercrime. Upon discovering the attack in the late afternoon, emergency protocols were immediately initiated, including disconnecting the affected systems from the internet. Authorities and the Data Protection Officer were promptly informed of the breach.
External specialists in IT forensics were engaged to investigate how the attackers managed to breach the robust multi-layered security systems protecting the IT infrastructure. These experts are examining the methods used to circumvent security measures and assessing the extent of the breach.
The investigation is ongoing, and efforts are focused on understanding the technical details of the attack and its potential impact on the systems.
As a result of the incident and the necessary investigation, access to the affected IT systems, including email services, has been restricted. This disruption has hindered the ability of the affected systems to be fully operational. The investigation team is also focusing on whether any sensitive or personal data was extracted by the attackers during the breach.
If the investigation reveals that personal data was indeed compromised, the Association of Dioceses of Germany has committed to informing those affected in line with data protection regulations. The group is ensuring compliance with legal requirements regarding the notification of data subjects and will take steps to mitigate any potential damage caused by the breach.
Reference:
