Editions:  Austria · Denmark · France · Germany · Italy · Norway · Spain · Sweden · Switzerland
Advertisement

BSI knew about huge data theft weeks ago

Share this article

BSI knew about huge data theft weeks ago
DPA
11:09 CET+01:00
German authorities knew about the theft of the digital identities of 16 million internet users in December, but kept it quiet as they claim they needed time to make "necessary preparations", it emerged on Wednesday.

Millions of accounts containing passwords and email addresses were hacked by an unknown group, the Federal Office for Online Security (BSI) said on Tuesday. 

But BSI President Michael Hange told Bayerischer Rundfunk radio victims were only now being told because authorities had needed time to make preparations.

That included setting up a website where people can check whether their details were among those stolen. The site, which went live on Tuesday, quickly crashed as 300,000 internet users attempted to see if their email addresses were among the ones hacked.

"We needed time to set up a process in line with data protection regulations and we also worked together with a provider," Hange said.  

BSI said it had handled around 12. 6 million online queries and informed 884,000 affected users in Germany by Wednesday.

Justice Minister Heiko Maas, who is also responsible for consumer protection, has described the scale of the hack as "incomprehensible."

However he steered clear of laying blame on authorities for not making the hacking public sooner, stating he was "not familiar with such processes."

But he added: "If a tip is received and there is even a small chance that it's to be taken seriously, that must be communicated quickly."

"It's not just a case of computers being infected but about the theft of entire digital identities," Hange told the Tagesspiegel newspaper.

And Interior Minister Thomas de Mazière praised the BSI's "well-prepared operation".

The BSI said the theft had was discovered by criminal investigators but declined to say how or which authority had conducted the probe.

CLICK HERE for The Local's Technology section

If the site does match the users email address as one of the 16 million stolen, then the BSI said the users computer was likely infected with malicious software.

Half of the accounts ended in .de meaning they were German-based, Tim Griese from Frankfurt-based BSI said on Tuesday.

Affected users are being warned to change all of their associated passwords, including those used to access social networks and for shopping online.

"In principle every form of abuse of data is possible," Thilo Weichert, Schleswig-Holstein state data protection officer,  told the Berliner Zeitung. "We need to take this very seriously."

READ MORE: Hackers access 16 million email accounts

Get notified about breaking news on The Local

Share this article

Advertisement

From our sponsors

10 things you should never do in Germany

Every country has its own unique cultural dos and don'ts. You won't get a round of applause for remembering the dos, but you can get into seriously hot water for forgetting the don'ts. To help you out, here's The Local's guide to 10 things you should never do in Germany.

Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement