Notification of a possible breach of the protection of your personal data
Dear customers of the dena Biogasregister,
in the following we would like to inform you about a possible incident in connection with your data in the Biogasregister Germany and the availability of our system:
What happened?
The Biogasregister Germany is hosted by an external data centre operator. Several locations of this service provider fell victim to a cyberattack on 18.05.2023. The German Energy Agency (dena), as the operator of the Biogasregister Germany, received written notification of the incident from the data centre operator on 22.05.2023. Immediately after receiving this information, we intensively dealt with the situation together with our service providers and dena's internal IT security officer.
After the investigations initiated so far, it is currently clear:
Large parts of the hosted systems on the servers of the external data centre operator were encrypted using an encryption Trojan, including the Biogasregister Germany.
So far, the data centre operator assumes that no changes have been made to the data records and that the confidentiality of the data is not at risk. At the current state of knowledge, only the availability of the data and the hosted systems is not given. For security reasons, all systems were shut down immediately.
What is the data centre operator doing?
The data centre operator is currently working closely with a specialised service provider in the field of cyber security to find the best possible solution for all affected customers and to restore the encrypted data. We do not yet know how long this process will take, but we expect to have the first information in the next few days.
A report to the Bavarian State Office for Data Protection Supervision, BSI, LKA (Munich and Düsseldorf) has been made by the data centre operator.
What are dena's next steps?
We as dena have also informed the data protection authorities responsible for us and are in direct exchange with the LKA Berlin. At the same time, we are examining further legal steps.
In addition, we as dena have decided to set up the Biogasregister system on the servers of another external data centre operator. This serves as a safeguard in case the existing server structure cannot be used any longer.
Furthermore, we are in constant contact with our data centre operator affected by the cyberattack and will inform you immediately about any news.
What data may be affected?
-
Company master data
-
User data
-
Plant data
-
Production batch volume information
-
Audit documentation data
-
Invoice data
-
nformation on activity logs
At the moment, it can be assumed that no readout of the above-mentioned data has taken place.
We regret the incident at our data centre operator and the resulting unavailability of the Biogasregister Germany.
We are of course available to answer any questions you may have via our known communication channels. You can also contact our data protection officer. You can reach her at the telephone number +49 (0)30/66777-196 or at the e-mail address datenschutz(at)dena.de.