A cyber attack on the e-mail inboxes of the SPD party executive may have resulted in a data leak. The party has announced that a security gap in Microsoft software was misused. The attacks are said to have taken place in January of this year. The Federal Office for Information Security (BSI) and the Federal Office for the Protection of the Constitution investigated the incident when it became known in April.
The investigations were comprehensive, and the forensic analysis has now been completed. The security gap was closed in April. Microsoft was involved in the investigation and announced that the vulnerability had been abused by a Russian actor. According to an SPD spokeswoman, a small number of e-mail inboxes belonging to the SPD party executive were affected, and it cannot be ruled out that there was a data breach.
The potentially affected parties have been informed in accordance with the General Data Protection Regulation. The SPD is planning to increase resources for IT security and is consulting with other democratic parties and security authorities to improve their level of protection. The Secretary General of the Social Democrats, Kevin Kühnert, stated that the attack was likely carried out by attackers from Russia, which is not surprising given the party’s stance on Russia’s war of aggression in Ukraine.
Kühnert emphasized that we are in a time of increasingly aggressive cyber attacks, as other recent cases have shown. However, the SPD is not intimidated by such attacks. It is important to note that political parties in Germany have frequently reported security gaps, data protection violations, and cyber attacks. In another case, the AfD membership applications were temporarily stored unprotected and accessible to everyone on the internet.
