Data protection incident at Delius Klasing publishing house

At the special-interest publishing house Delius Klasing, criminal perpetrators were able to view and extract data without authorization. The company is now warning about this in an email to affected customers.

The publishing house serves the interest areas of water sports, cycling, and cars, each with several magazine titles. Individual magazine titles each reach five-digit circulations. As the Delius Klasing publishing house states in the email, “personal customer data has been disclosed without authorization” by one of the service providers. This includes names and email addresses, and possibly the postal addresses of customers.

The company does not name which service provider it is or what it is commissioned with. However, together with the service provider, it has undertaken an investigation and, for example, mentions a log file analysis to clarify the details of the access by unknown third parties. Both the investigations and the implementation of technical and organizational countermeasures to contain the incident are still ongoing. The Delius Klasing publishing house has also reported it to the responsible data protection authority.

Data useful for phishing

The publishing house explains that the data could be misused to contact customers with realistic-looking messages or letters that pretend to be from the Delius Klasing publishing house. Malicious actors can thus try to obtain further data and passwords, as well as other information from potential victims.

Therefore, customers should exercise caution, especially with unexpected emails or letters, and should not open suspicious attachments or click on links within them. Recipients should also not disclose any passwords, login details, or access codes. If in doubt, customers should contact the publishing house through the official channels.

In response to an inquiry from heise online about any details of the IT incident, the Delius Klasing publishing house has not yet responded.

Such data leaks have been increasing for some time. For example, data stolen from the video service Vimeo initially ended up in the darknet and has now landed at the Have-I-Been-Pwned project. This data can also be misused for more credible phishing.

(dmk)