This month's attack on police servers by the "No Name Crew" hackers had much more serious consequences than previously thought, according to a report in news magazine Focus.
According to the magazine, the government's newly founded cyber-defence department, the Federal Office for Information Security (BSI) reported internally on Friday that every single server of the police's spy programme "Patras" had been infiltrated by hackers.
Patras is used to locate serious criminals and terrorist suspects by gathering information from GPS systems in cars and mobile phones. It is used by both state and federal police forces, as well as Germany's customs officers.
Following the cyber-attack, which took place earlier this month, all of the relevant servers had to be shut down to prevent more data being stolen.
According to the internal BSI report to the German interior ministry, the "No Name Crew" even hacked the central database of the federal police, in Swisstal-Heimerzheim in North Rhine-Westphalia.
This could lead to hundreds of confidential police investigations appearing on the internet. "That is pretty much the worst thing that could happen," an anonymous security officer told Focus.
The report said the hack came about because the police did not adequately protect its servers, using what was described as "cheap protection software." It also said that "fundamental security measures" such as "dealing with passwords" had been ignored.
The No Name Crew had previously hacked the servers of the far-right National Democratic Party and published sensitive information including a list of its donors.