BERLIN — Personal data and documents on hundreds of German politicians and others have been posted online, and German cyber-defense experts were trying to figure out Friday how the information was obtained.
The data breach hit politicians at all levels, including the European, German and state parliaments as well as municipal officials, said Martina Fietz, a spokeswoman for Chancellor Angela Merkel.
“The German government takes this incident very seriously,” she said Friday, adding that the country’s cyber-defense center was investigating the breach.
Interior Minister Horst Seehofer said an initial analysis suggests that the material was obtained from cloud services, email accounts or social networks. He said there was no indication that federal government or parliament computer systems were compromised.
Fietz told reporters that “it appears, at first sight, that no sensitive information and data are included in what was published, including regarding the chancellor.”
Public broadcaster RBB, which first reported on the issue Friday morning, said there appeared to be no method to what was posted via a Twitter account.
Although the data reportedly include information such as cellphone numbers, addresses, internal party communications and in some cases personal bills and credit card details — some of the data years old — RBB said there appeared to be no politically sensitive documents.
The German news agency dpa reported that the information included a fax number and email address belonging to Merkel and several letters to and from the chancellor.
The Twitter account in question, which was still online early Friday with about 17,000 followers but was later suspended, had been active since mid-2017.
The links it posted suggested that information on politicians from all parties in parliament except the far-right Alternative for Germany had been shared in daily batches before Christmas along with data on YouTubers and some other public figures. The last post was on Dec. 28.
The head of Germany’s IT security agency, Arne Schoenbohm, said authorities had been aware of individual cases in December but material was posted online on a large scale Thursday evening. He said the agency believes data on about 1,000 people were involved, and confirmed that one party in parliament wasn’t affected — though he wouldn’t name it.
Schoenbohm said there had been “a high two-digit number of attacks which were very successful” in which accounts were infiltrated and data and documents, such as copies of ID cards, extracted.
“Via this infection, it seems that other data could be tapped, such as first and last names but also cellphone numbers,” he added.
In many cases, he said, the information was limited or already publicly available. Schoenbohm’s agency was still working to figure out how the attack started and who was behind it.
Schoenbohm said checks on some of the information shared in this case showed it was genuine, but authorities couldn’t rule out fake data having been mixed in.
Germany has seen cyberattacks on government and parliament computer systems in recent years in which Russian-backed hackers were suspected. Berlin has been a leading backer of sanctions against Russia over its actions in Ukraine.
German officials didn’t comment Friday on whether there were any indications foreign intelligence services were involved, citing the ongoing investigation.
Tom Kellermann, the chief cybersecurity officer of Carbon Black, said the latest hack had all the hallmarks of Russian state-backed hackers.
He said it made perfect sense that none of the targets in this hacking campaign was from Germany’s far right, and that it appeared aimed at “undermining the German political process and essentially stoking fires of the mob.”
“It’s in Russia’s best interests for the far-right politicians to be successful,” Kellermann added.
———
Frank Bajak contributed to this report from Boston.