Federal Statistical Office: No data outflow from IDEV reporting system
Criminals claimed to have stolen data from Destatis. The Federal Statistical Office found no evidence of data leakage.
(Image: Destatis / Bearbeitung durch heise online)
Last week, cyber criminals offered 3.8 GB of data for sale in the digital underground, allegedly from the Federal Statistical Office (Destatis). The authority has now announced that no data has been leaked from the IDEV reporting system.
Destatis announced that security authorities and the Federal Office for Information Security (BSI) initiated investigations on November 13, directly following indications of an alleged data leak. "In comprehensive stress tests and data flow analyses by the BSI, no indications of security or data leaks were identified. The reporting system was therefore not affected by a hacker attack and no data from reporting companies or other reporting bodies was tapped in aggregated form," explains the authority.
Companies must resume reporting
The Federal Statistical Office had taken the IDEV reporting system offline as a precautionary measure, as the allegedly captured data could have originated from it. In addition, all access passwords were reset. Destatis intends to contact the companies active in the IDEV system and ask them "to resume their reporting activities". From Monday, November 25, the IDEV system should be accessible again for reporters. Reporting deadlines and reminder procedures have been extended or suspended for the duration of the unavailability and affected companies have already been informed.
The statistical offices of the federal states have also taken their IDEV systems offline. These should be available again from today, Thursday.
Videos by heise
Suspected origin of data in underground forum
The analyses by the security authorities indicate "that user data from individual companies has been leaked by the reporting companies", Destatis suspects. According to the report, the perpetrators gained access to "the user data or the reporting receipts of the attacked companies" through potentially successful phishing attacks and "misused them".
A week ago, it became known that cyber criminals had offered 3.8 GB of data for sale in underground internet forums, which allegedly originated from Destatis. Criminals have boasted on Telegram that they have obtained access to data to IDEV accounts.
(dmk)
