Man arrested over major data breach in Germany

A twenty-year-old man is reported to have confessed to being behind a recent data breach which saw links to the personal information of hundreds of Germany’s politicians, journalists and celebrities posted online.

 The incident, which is among the most severe cases of a data leak to hit the German nation, played out at the start of December 2017. It wasn’t until early 2019 that journalists discovered the leak and just how many public figures had been affected.

Angela Merkel was one of those hit by the disruption; the chancellor was one of many politicians on all levels of seniority to have personal data, documents, phone numbers and photographs published on the internet.

BKA Federal Criminal Office have released a statement explaining that a suspect was located and arrested in the central German state of Hesse on the weekend, but no further details have been disclosed.

On its website, the German newspaper, Der Spiegel said that the man had confessed to the cyber-crime, and that he had not been given thought to the wide-reaching ramifications his actions were to have. The leak is currently not thought to be connected to any overseas governments.

It is not yet known if the arrest is related to a search that took place on the apartment of Jan Schuerlein, a nineteen-year-old IT worker in the southern town of Heilbronn. Schuerlein had confessed to involvement in the incident, but did not admit to being the primary perpetrator. Now being treated as a witness in the process, Schuerlein is said to be giving police efforts his full cooperation.

More broadly, the leak has thrown the need for stronger data security laws into sharp relief, following the failure of a government cyber defence agency in Germany to issue a proper investigation into suspicious email activity on private accounts in the run up to December.

Experts are seeing the widespread disruption as a wakeup call for all organisations to appreciate the need for more a more robust and dedicated approach to cyber security.

Matthias Maier, security evangelist at cyber intelligence firm, Splunk told GDPR: Report:

  “The hack clearly took place over a long period of time and taking this data down immediately will be difficult as the hacker spread the information across multiple sites.

“The motivation for this hack is interesting as it is seemingly not financial but malicious and aimed to cause chaos. Clearly, it was executed by competent technical individuals, but they could have chosen a more impactful time to release the data. Doing so before a big political event or announcement. The hack also shows yet again that just installing a regular virus scanner on your device is not enough. Large enterprises and government agencies are steadily recognizing this and are investing significant resources to improve their cyber security capabilities. This means moving to a detect and respond approach which requires investment in people, process and new technology to ultimately provide a better and more rounded approach to security.

“Politicians might have several security guards to protect their physical security, but it’s also crucially important that they consider how their cyber identity and assets are being protected. This event will certainly result in a change of mindset.

“The most important step for those impacted is to identify where the leaked data was held and to assume that their personal devices, online accounts and full online identity has been hacked. This means they can no longer trust their devices, they should turn them off as their microphones might be in a constant listening mode.

“They should get support from an IT professional to carry out an investigation into the device and to implement a clean-up before it’s used again. Secondly, via a new or trusted device all their digital identities should be reviewed for any malicious changes – like newly authorized apps on their social media channels or any changed e-mail addresses in their profiles. They should then change all appropriate passwords.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.