Applicant database: CDU regrets error

A week and a half after heise online drew the CDU's attention to a data leak on its job platform, the party has now officially responded for the first time. "The fact that applicants' first and last names were visible on our job portal is due to an unfortunate programming error," a spokesperson for the party told heise online on Friday afternoon. "This has now been rectified and the names can no longer be viewed externally. We are in contact with the responsible data protection authorities regarding further steps." This was confirmed by the Berlin data protection officer responsible for the party headquarters shortly after the incident became known.

The job platform, which was accessible to those interested in jobs with the federal party as well as with state and district associations of the Christian Democrats, is currently still in maintenance mode. Due to the "programming error" in the underlying Drupal system, a total of 4870 name entries were accessible with the correct link. Other data was not freely accessible.

CDU hack: Merz's calendar also affected

The party is currently unable to provide any further details on the effects and the data that was leaked in the clearly serious cyber security incident in May. The party only confirmed to the news agency dpa on Thursday evening that the diary of party chairman Friedrich Merz was also affected. The calendars of high-ranking politicians are often enriched with extensive information - such as preparatory documents, lists of participants and contact details for the secretariats. The State Office of Criminal Investigation of North Rhine-Westphalia has started an investigation into Merz's party diary due to the location of the CDU's IT service provider in Bonn. The Federal Office for Information Security in Bonn and the Federal Office for the Protection of the Constitution in Cologne are also continuing to investigate the incident, a spokesperson for the Federal Ministry of the Interior confirmed in Berlin at midday.

(mack)