Baden-Württemberg: Cyberattack on "THE LÄND" Online Shop
Cyberattack on Baden-Württemberg's fan shop: fraudsters manipulated the payment page, and customer data may be affected.
The online shop of the Baden-Württemberg State Ministry is struggling with a cyberattack. According to the state, attackers exploited a previously unknown security vulnerability in the shop system of "THE LÄND" between December 27 and 29, 2025. The "fän shop" of the site is now offline. The State Ministry has stated that it reacted immediately, shut down the online shop, and filed a criminal complaint.
As a spokesperson for the State Ministry announced upon request, the attackers could have "gained access to customer data such as names and email addresses." The shop was not only compromised but actively manipulated: "Furthermore, a manipulated payment page was set up, through which attempts were made to intercept credit card data from customers and collect payments."
According to current knowledge, the state assumes "a low double-digit number of affected individuals." A final analysis is still ongoing. Although "prepayment (bank transfer) and PayPal" are generally the intended payment methods during regular operation, the attackers also attempted to trigger credit card payments for items that are actually free, such as the well-known "Nett hier" stickers. "The amounts actually debited were significantly higher than the sums shown in the order process," the statement continues.
Security vulnerability enabled access
The shop system is most likely one from Gambio. In a forum post on December 30, 2025, the provider published a "new security update package," "the installation of which we strongly recommend to all shop operators." The vulnerability, which is likely to affect 25,000 shops, is classified as "critical".
Customers have been informed, as can be seen from a post on Reddit. Affected individuals are advised to carefully check their bank and credit card statements and to react immediately if any discrepancies are found. The state accepts information about the incident via email to shop@thelaend.de. Investigations and forensic analysis of the incident are ongoing.
(mack)